According to https://oauth.net/core/1.0a/#nonce
[...] the timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT [...]
The current implementation of com.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis() returns System.currentTimeMillis();.
I think that this fulfills the specification only when the application runs in GMT time zone.
My application is running in Germany. And for a requests to a server my application got the answer "oauth_timestamp missing or invalid".
In the API docs there is a hint that "[...] requests where the timestamp differs more than 10 minutes from the current UTC time will fail."
Changing the implementation of com.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis() to return Instant.now().getEpochSecond()*1000L; works fine.
So I think that this should be the general implementation to have an oauth_timestamp independently from the system's time.
According to https://oauth.net/core/1.0a/#nonce
The current implementation of
com.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis()returnsSystem.currentTimeMillis();.I think that this fulfills the specification only when the application runs in GMT time zone.
My application is running in Germany. And for a requests to a server my application got the answer "oauth_timestamp missing or invalid".
In the API docs there is a hint that "[...] requests where the timestamp differs more than 10 minutes from the current UTC time will fail."
Changing the implementation of
com.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis()toreturn Instant.now().getEpochSecond()*1000L;works fine.So I think that this should be the general implementation to have an oauth_timestamp independently from the system's time.