"oauth_nonce" parameter doesn't change beetwen requests but it should

[weierophinney]

Hello. When I tried to connect with ZendOAuth to Jira, I was always getting the same error, something like oauth_problem=nonce_used. That meant that oauth_nonce value was already used for other request.

I checked out and found that requests to service provider are sending in cycle to find preffered request style - code.

Maybe it is okay, but request params generation happens before cycle (here and here)

So oauth_nonce in request cycle never changes as it should: http://oauth.net/core/1.0a/#nonce

This makes ZendOAuth unusable with some service providers (like Jira) that strictly checks oauth_nonce to be unique for each request.

---

Originally posted by @binary-data at zendframework/ZendOAuth#29

[weierophinney]

This package is considered feature-complete, and is now in security-only maintenance mode, following a decision by the Technical Steering Committee.
If you have a security issue, please follow our security reporting guidelines.
If you wish to take on the role of maintainer, please nominate yourself

If you are looking for an actively maintained package alternative, we recommend:

• league/oauth1-client