Comment 1 for bug 1040523

Michael Nelson (michael.nelson) wrote :

Based on the DataStore.lookup_nonce() method, and its call-site in oauth.OAuthServer._check_nonce(), it looks as though lookup_nonce() should "Verify that the nonce is uniqueish.". I assume that means unique for the consumer/token keys, yet the database constraint is a simple unique constraint on webcatalog.Nonce.nonce.

I'll prepare a branch that relaxes this to unique for consumer/token - if that's not correct, let me know.
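
The difference between the two constraints discussed in the comment above, as an added example that is not part of the original comment or the project's code. The table layout, column names and the check_and_store() helper are hypothetical, and the requests are constructed sample data.

```python
import sqlite3

# Hypothetical schemas for illustration; not the webcatalog project's tables.
GLOBAL_UNIQUE = """
CREATE TABLE nonce (
    consumer_key TEXT NOT NULL,
    token_key    TEXT NOT NULL,
    nonce        TEXT NOT NULL UNIQUE
)"""
SCOPED_UNIQUE = """
CREATE TABLE nonce (
    consumer_key TEXT NOT NULL,
    token_key    TEXT NOT NULL,
    nonce        TEXT NOT NULL,
    UNIQUE (consumer_key, token_key, nonce)
)"""


def check_and_store(conn, consumer_key, token_key, nonce):
    """Return True on first use; False when the constraint rejects the row."""
    try:
        with conn:  # commit on success, roll back on error
            conn.execute(
                "INSERT INTO nonce VALUES (?, ?, ?)",
                (consumer_key, token_key, nonce),
            )
        return True
    except sqlite3.IntegrityError:
        return False


def run(schema):
    """Replay three constructed requests against a fresh in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute(schema)
    requests = [
        ("consumer-a", "token-1", "abc123"),  # first use
        ("consumer-b", "token-2", "abc123"),  # different client, same nonce value
        ("consumer-a", "token-1", "abc123"),  # genuine replay
    ]
    results = [check_and_store(conn, *r) for r in requests]
    conn.close()
    return results


if __name__ == "__main__":
    print("unique on nonce only:          ", run(GLOBAL_UNIQUE))
    print("unique on consumer/token/nonce:", run(SCOPED_UNIQUE))
```

With the constraint on the nonce column alone, the second client's legitimate request is rejected; with the scoped constraint only the genuine replay is.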