Questionable nonce generation #16
Description
The generate_nonce function uses a very questionable method for random number generation.
The schema is hmac(math.random() + "random" + os.time(), "keyyy").
I am not familiar with the security requirements for an oauth nonce, but all parts of this are trivially guessable or constant. If the goal is simply to have a unique number, just using e.g. socket.gettime() and/or a counter should be enough, so the complexity of the nonce generation makes me think this might be a poor attempt at generating a secret nonce.