Error was "nonce_used", with parameters "oauth_problem=nonce_used"
Platform Notice: Data Center Only - This article only applies to Atlassian products on the Data Center platform.
Note that this KB was created for the Data Center version of the product. Data Center KBs for non-Data-Center-specific features may also work for Server versions of the product, however they have not been tested. Support for Server* products ended on February 15th 2024. If you are running a Server product, you can visit the Atlassian Server end of support announcement to review your migration options.
*Except Fisheye and Crucible
Summary
Problem
After upgrading JIRA 5.x to JIRA 6.x, REST requests are not reaching JIRA.
The following appears in the atlassian-jira.log
1
2015-05-27 14:48:39,500 http-bio-8080-exec-8 WARN anonymous user - 127.0.0.1 /rest/api/2/user[oauth.serviceprovider.internal.AuthenticatorImpl] Problem encountered authenticating OAuth client for url "http://[Server-name]:8080/rest/api/2/user", error was "nonce_used", with parameters "{oauth_problem=nonce_used}"Diagnosis
It may be that your application is re-using parameters or sending the same OAuth request. To confirm each request is using a unique nonce value use a tool such as Fiddler or Charles for inspecting the HTTP requests being sent/received.
Cause
Incoming REST requests using OAuth are signed with a unique nonce string which is a one-time-use unique string to uniquely identify each signed request. By having a unique identifier for each request, the Service Provider is able to prevent requests from being used more than once.
In JIRA 6.0 onwards, OAuth parameters were added to the body of an HTTP POST request. This is further explained on the JIRA Server Developer OAuth page. With every request that triggers a "POST" method using the JIRA REST API, ensure the nonce parameter request is not being reused.
Solution
Workaround
Use Basic Authentication instead of OAuth.
Was this helpful?