How strict is the Twitter API when it comes to OAuth Nonce and Timestamp? The resolution for timestamps is in seconds. This means that several calls to the API can happen for the same timestamp when the traffic is high.
Here is what the specification says: “The Consumer SHALL then generate a Nonce value that is unique for all requests with that timestamp. A nonce is a random string, uniquely generated for each request. The nonce allows the Service Provider to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel (such as HTTP).” – http://oauth.net/core/1.0/#nonce
What does unique for all requests with the same timestamp mean? If it means that the Nonce value should remain the same, then that contradicts the second statement about how each nonce shall be uniquely generated for each request.
As I have implemented it now I generate a unique Nonce value for each request regardless of what the timestamp is. Is that the correct or recommended approach?