 

How to process Oauth nonces on the server side?

I am writing the provider part of the OAuth protocol on the server side and I'm cracking my head over how many of the nonces sent by OAuth consumers I need to cache.

According to twitter's docs,

Twitter will only allow a nonce to be used once by your application. Prevents replayed requests.

The question: My implementation will simply add each nonce received into memcached. But this will take up a lot of memory space. How many of the nonces should I ideally cache, and for how long?

asked by Frankie Ribery, Sep 17 '10 05:09


1 Answer

Nonces only need to be unique for all requests using the same timestamp. You should deny requests with a timestamp older than 5 minutes, so you only need to store nonces for 5 minutes.

https://www.rfc-editor.org/rfc/rfc5849#section-3.3

answered by abraham, Nov 09 '22 00:11
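The check the answer describes, written out as an added example (not the answer's own code and not a real provider's implementation): a request is accepted only if its timestamp falls inside a 5-minute window, and only if the nonce has not been seen before for the same consumer key, token and timestamp (that combination is what RFC 5849 §3.3 requires to be unique). Because the timestamp is part of the key, an entry can be forgotten once the timestamp itself would be rejected, so nothing needs to live longer than the window. The store below is a plain dict with explicit expiry and an injectable clock so it runs offline; the class name, the `window` parameter and the `(ok, reason)` return shape are assumptions for this illustration, and the inputs in the usage are constructed.

```python
import time

# Assumed window: 5 minutes either side of the server clock, matching the
# answer above. Requests outside it are rejected without consulting the cache.
DEFAULT_WINDOW = 300


class NonceStore:
    """Replay protection for OAuth 1.0 nonces (illustrative, single-process).

    Keys are (consumer_key, token, timestamp, nonce); an entry is kept only
    until its timestamp could no longer pass the window check.
    """

    def __init__(self, window=DEFAULT_WINDOW, clock=time.time):
        self.window = window
        self.clock = clock          # injectable so the example is testable
        self._seen = {}             # key -> last second it must be remembered

    def _purge(self, now):
        # Drop entries whose timestamp is already outside the window.
        stale = [k for k, keep_until in self._seen.items() if keep_until < now]
        for k in stale:
            del self._seen[k]

    def check(self, consumer_key, token, timestamp, nonce):
        """Return (accepted, reason). Records the nonce only on acceptance."""
        now = self.clock()
        try:
            ts = int(timestamp)
        except (TypeError, ValueError):
            return False, "bad_timestamp"
        if abs(now - ts) > self.window:
            return False, "timestamp_out_of_window"
        self._purge(now)
        key = (consumer_key, token or "", ts, nonce)
        if key in self._seen:
            return False, "nonce_reused"
        # At now == ts + window the timestamp is still acceptable, so the
        # entry must survive through that second; after it the window check
        # rejects the request anyway.
        self._seen[key] = ts + self.window
        return True, "ok"


if __name__ == "__main__":
    # Constructed inputs: one consumer replaying the same nonce twice.
    store = NonceStore()
    now = int(time.time())
    print(store.check("consumer-key", "access-token", now, "n1"))  # accepted
    print(store.check("consumer-key", "access-token", now, "n1"))  # nonce_reused
    print(store.check("consumer-key", "access-token", now - 600, "n2"))  # too old
```

Two points a provider would want beyond this sketch: the dict-and-purge here is not safe across processes, and the separate `in` test and assignment is a check-then-set race under concurrency. With memcached the natural fix is the `add` command with an expiry equal to the window, since `add` stores only if the key is absent and so makes the uniqueness test atomic; the key would be the same tuple, serialized, and the store size is then bounded by the number of requests per window rather than by all nonces ever seen.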