AnsweredAssumed Answered

Blackboard sending duplicate nonces during LTI provider request

Question asked by bailey.miller on Jan 25, 2018
Latest reply on Jan 31, 2018 by bailey.miller


Recently, within the past month, my tool provider application has begun to receive duplicate OAuth nonces from at least 10 different tool consumers, all of which are Blackboard installations.

 

Our OAuth protocol properly partitions different tool consumers nonces so they do not conflict. We also only consider a nonce history of 10 seconds, so we are not improperly considering an old nonce as a duplicate in this case.

 

I've found this issue arises with the following blackboard versions. It has never originated from any other LMS (Canvas, Moodle, etc). Are there any outstanding issues wrt duplicate nonces in these blackboard versions?

 

bb-3100.0.6-rel.3+cd2a24d

bb-3200.0.5-rel.6+3dd6b56

bb-3300.0.1-rel.61+f9847e0

   

Thanks

Outcomes