Recently, within the past month, my tool provider application has begun to receive duplicate OAuth nonces from at least 10 different tool consumers, all of which are Blackboard installations.
Our OAuth protocol properly partitions different tool consumers nonces so they do not conflict. We also only consider a nonce history of 10 seconds, so we are not improperly considering an old nonce as a duplicate in this case.
I've found this issue arises with the following blackboard versions. It has never originated from any other LMS (Canvas, Moodle, etc). Are there any outstanding issues wrt duplicate nonces in these blackboard versions?