© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
2eb648a
demo site
(Get the code!)
Using lplib in a long-running script that made tens of thousands of request I was occasionally seeing "Invalid nonce/timestamp" errors as shown below[1].
Reviewing the code in db/oath.py for ensureNonce vs the OAuth spec[2] it seems our implementation is exactly backwards. Rather than require nonce uniqueness only for the period of a given timestamp (1 second), our implementation allows nonce reuse for a period of [t-60, t+60] seconds for any timestamp t and then raises an error if the nonce is used again outside of this window. As described in the spec, re-using a nonce with different timestamps should be allowed, not an error condition.
At the top of db/oath.py there is a rationale given for the use of this expanded window but the justification is not strong. It would be better to follow the spec strictly until the need to deviate is demonstrated and well understood.
[1] https:/
[2] http://