The OAuth nonce is something I’ve never fully understood. This is what the docs say:
“The oauth_nonce parameter is a unique token your application should generate for each unique request. Twitter will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 32 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.”
This implies to me that I should do the following to generate the OAuth nonce:
- Generate a random alphanumeric string (like aAbBcC123 but longer) with 32 characters
- Convert the string to UTF8 data
- Base64 encode the UTF8 data
Is my understanding correct? Where exactly does “stripping out all non-word characters” fit in the implementation above?
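The procedure in the quoted documentation, written out as an added example that is not part of the original post or of Twitter's code: 32 random bytes are base64 encoded, then the non-word characters are stripped from the encoded string. Python, the names `make_nonce` and `ReplayCache`, and the 300-second window are assumptions; the server-side check is a hypothetical sketch of how a nonce lets a server detect a request submitted more than once.

```python
import base64
import re
import secrets
import time


def make_nonce(raw=None):
    """32 random bytes -> base64 -> strip non-word characters."""
    if raw is None:
        raw = secrets.token_bytes(32)  # CSPRNG output, raw bytes rather than text
    encoded = base64.b64encode(raw).decode("ascii")  # 44 chars, may hold + / =
    # The stripping step applies to the base64 output: \W removes '+', '/'
    # and the '=' padding, leaving only letters and digits.
    return re.sub(r"\W", "", encoded)


class ReplayCache:
    """Hypothetical server side: refuse a (key, timestamp, nonce) seen before."""

    def __init__(self, window_seconds=300):  # assumed acceptance window
        self.window = window_seconds
        self.seen = {}  # (consumer_key, timestamp, nonce) -> timestamp

    def accept(self, consumer_key, timestamp, nonce, now=None):
        now = time.time() if now is None else now
        # Timestamps outside the window are refused outright, which is what
        # allows older cache entries to be dropped safely.
        if abs(now - timestamp) > self.window:
            return False
        self.seen = {k: ts for k, ts in self.seen.items()
                     if now - ts <= self.window}
        key = (consumer_key, timestamp, nonce)
        if key in self.seen:
            return False  # same request submitted a second time
        self.seen[key] = timestamp
        return True


if __name__ == "__main__":
    cache = ReplayCache()
    nonce = make_nonce()
    ts = int(time.time())
    print(nonce, cache.accept("demo-key", ts, nonce), cache.accept("demo-key", ts, nonce))
```

Because stripping happens after encoding, the nonce length varies: it is at most 43 characters and shrinks by one for every `+` or `/` in the base64 output.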