To keep things simple I am trying to invoke a service which requires no parameters, because these would complicate the request signing.
I am sending requests to: http://127.0.0.1:8080/api/secure/jsonws/portal/get-build-number
With headers like the following:
Authorization: OAuth realm="http%3A%2F%2F127.0.0.1", oauth_consumer_key="788f3eac-52bd-4f08-9116-4fb8736bc001", oauth_token="7273397d78a8aeba92dab3887d9271ed", oauth_signature_method="HMAC-SHA1", oauth_signature="NN%2BCuYEDJAXM2ebi5rWjKUw0g1A%3D", oauth_timestamp="1373238929", oauth_nonce="9ece7ca255aa3e66bb3ac75f160dff646f28b829", oauth_version="1.0"
That's the correct parameters for the header isn't it?
The response I am getting is:
WWW-Authenticate: OAuth realm="http%3A%2F%2F127.0.0.1", oauth_problem="nonce_used"
This is very odd because I am certain that the nonce I am sending has not been sent before (I've intercepted all HTTP traffic to verify this). I've restarted Liferay many times to clear it's memory too (just to be on the extra safe side). Are you aware of any issues with the OAuth implementation for resource URLs in regards to nonce? I could not find any such issues logged on JIRA.
Any thoughts you can offer would be much appreciated!