Why can't I update our Twitter status?

Question

I've spent the last three hours trying to get a simple Twitter status update to work using Zend_Service_Twitter and Zend_Oauth_Token_Access. Infuriatingly, I keep getting the following response:

object(Zend_Rest_Client_Result)#34 (2) {
  ["_sxml:protected"]=>
  object(SimpleXMLElement)#39 (2) {
    ["request"]=>
    string(33) "/1/account/verify_credentials.xml"
    ["error"]=>
    string(20) "Invalid / used nonce"
  }
  ["_errstr:protected"]=>
  NULL
}

Here is the code I have tried:

$token = new Zend_Oauth_Token_Access();
$token->setToken('my token');
$token->setTokenSecret('my token secret');

$params = array('accessToken' => $token,
                'consumerKey' => 'my key',
                'consumerSecret' => 'my secret'
               );
$twitter = new Zend_Service_Twitter($params);

$response = $twitter->statusUpdate('simpletest');

What on Earth is a 'nonce'? If I mess up the token/token secret the error message in the response changes accordingly. However, with correct credentials I keep getting the above noncence (pun intended). Also, I have tried several alternatives such as the ones in this previous post on SO.

Any help would be appreciated!

Update:

In case it helps, or makes things easier, all I am trying to do is update the status of a single Twitter account, which is the application's twitter account. As I commented below @David Caunt's answer, whenever an 'item' gets posted to our site, the site's Twitter status will update to a brief description of the item as well as a link. That's all! This used to work, before oAuth became compulsory to make API calls (all that was needed was to instantiate a Zend_Service_Twitter and pass in our credentials).

Answer 1

Consulting the reference manual, I believe your error is in creating the Zend_Service_Twitter object.

$twitter = new Zend_Service_Twitter(array(
    'username' => 'johndoe',
    'accessToken' => $token
));
$response   = $twitter->status->update('My Great Tweet');

You do not need to pass in the key and secret again, as they are contained in the access token used to sign the request.

See also my comment above explaining the nonce.

UPDATE:

I've tried the code in a minimal environment and you're right, it simply doesn't work.

You can see all of my code in a GitHub gist. It's deliberately minimal, avoiding MVC and other complications.

You may take comfort in the fact that a Zend_Http_Client returned from the Access Token does work.

Answer 2

Twitter servers were reporting a problem with my nonces, when the error was in the signature.

My OAuth code was working for most requests, but when trying to post new statuses I was getting "Invalid / used nonce" as a response.

After much debugging, I found out I was failing to encode spaces as %20 and instead was sending them as +. After using the correct encoding, it worked flawlessly.

Twitter servers should have reported a problem with the signature, not the nonce.

I don't really expect you guys to waste any time fixing this (but it would be nice)... I just want to leave this note here so next time someone comes googling for "invalid / used nonce" they know they have to look at their encodings too.

From http://code.google.com/p/twitter-api/issues/detail?id=1059 (other solution in comments)