I have a web application that authenticates users with the Flickr API. It uses OAuth 1.0, and authentication works most of the time. But at completely random times, Flickr does not recognize my signature. It returns an invalid signature error when requesting a request token. But the same code in the next attempt will properly return the request token.
I suspect this has something to do with how I create a nonce or timestamp. Otherwise, it should not work in a consistent attempt, right?
This is how I generate nonce and timestamp values:
$nonce = md5(microtime(true).rand());
$timestamp = mktime();
Is there a problem with this? Are there any better ways to generate nonce values? This random glitch is very confusing. I can’t think of any other reason why I get the wrong error, RANDOM!
Followup
As suggested by Jan Gerlinger, I changed mktime() to time(). This, of course, reduced the frequency of occurrence. But it still gives an incorrect signature error at random points in time, very rarely after the change to time(), I could add.
So, I assume that timestamp (mktime) was one of the problems causing these random errors. But there is something else wrong. Maybe in the nonce generation?
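An added example, not the poster's code: a request-token signature built per RFC 5849 with a CSPRNG nonce and time(), percent-encoding every value, including the base64 signature whose '+', '/' and '=' characters change with each nonce and timestamp. The consumer key, secret and callback URL are constructed placeholders, and the page does not establish that encoding is the cause of the errors described.

```php
<?php
// Added example: key, secret and callback below are constructed placeholders.

// RFC 5849 section 3.6 percent-encoding; rawurlencode() follows RFC 3986.
function oauth_encode(string $value): string { return rawurlencode($value); }

// Signature base string (RFC 5849 section 3.4.1): METHOD & url & sorted params.
function signature_base_string(string $method, string $url, array $params): string
{
    $pairs = [];
    foreach ($params as $name => $value) {
        $pairs[oauth_encode($name)] = oauth_encode($value);
    }
    ksort($pairs, SORT_STRING); // byte-order sort on the encoded names
    $normalized = [];
    foreach ($pairs as $name => $value) {
        $normalized[] = $name . '=' . $value;
    }
    return strtoupper($method) . '&' . oauth_encode($url)
        . '&' . oauth_encode(implode('&', $normalized));
}

// HMAC-SHA1 key is "consumer_secret&token_secret"; token secret is empty here.
function sign_hmac_sha1(string $base, string $consumerSecret, string $tokenSecret = ''): string
{
    $key = oauth_encode($consumerSecret) . '&' . oauth_encode($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

$url = 'https://www.flickr.com/services/oauth/request_token';
$params = [
    'oauth_callback'         => 'https://example.com/callback',
    'oauth_consumer_key'     => 'CONSUMER_KEY_PLACEHOLDER',
    'oauth_nonce'            => bin2hex(random_bytes(16)), // 128 bits from the CSPRNG
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string) time(),
    'oauth_version'          => '1.0',
];
$base = signature_base_string('GET', $url, $params);
// The signature is base64, so it may contain '+', '/' or '='. It must be
// percent-encoded in the query string; an unencoded '+' is read as a space.
$params['oauth_signature'] = sign_hmac_sha1($base, 'CONSUMER_SECRET_PLACEHOLDER');
$requestUrl = $url . '?' . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
echo $requestUrl, PHP_EOL;
```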