This repository has been archived by the owner on Jun 28, 2021. It is now read-only.

The 'nonce' parameter is fundamentally broken #51

Closed
pesho opened this issue Sep 18, 2014 · 4 comments

Comments

@pesho

pesho commented Sep 18, 2014

The nonce parameter is required to increase monotonically. This may work well in single-process apps, but is a broken approach in modern distributed apps.

E.g. node-bitpay-client uses the current time to seed the nonce. This causes failed API requests when several processes are started.
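Added example (not part of the original thread, and not BitPay or node-bitpay-client code): a constructed model of the failure described above, where two processes share one identity and each seeds its nonce from the clock at startup. It assumes the server rejects any nonce that is not strictly greater than the last one accepted; `NonceGate`, `makeClient`, the scope names and the start times are hypothetical. The second run keys the server's high-water mark per process (a separate identity or session per process) to show why that scoping removes the collisions.

```javascript
// Constructed model for illustration; names and values are assumptions.
class NonceGate {
  constructor() {
    this.last = new Map(); // scope -> highest nonce accepted so far
  }
  // Assumed server rule: accept only a nonce strictly greater than the last one.
  accept(scope, nonce) {
    const prev = this.last.get(scope);
    if (prev !== undefined && nonce <= prev) return false; // stale or replayed
    this.last.set(scope, nonce);
    return true;
  }
}

// A client process: seeds its nonce from the clock once, then increments per request.
function makeClient(scope, startMs) {
  let nonce = startMs;
  return { scope, next: () => nonce++ };
}

// Sends one request per schedule entry, in order, and records the server's verdict.
function run(gate, schedule) {
  return schedule.map((client) => {
    const nonce = client.next();
    return { scope: client.scope, nonce, ok: gate.accept(client.scope, nonce) };
  });
}

// Two processes, one shared identity: the later-started process pushes the
// high-water mark past the earlier one, whose next requests are then rejected.
function sharedIdentityDemo() {
  const a = makeClient('identity-1', 1000); // constructed start times (ms)
  const b = makeClient('identity-1', 1005);
  return run(new NonceGate(), [a, b, a, b, a]);
}

// Same traffic, but the server tracks the nonce per process-level scope.
function perProcessScopeDemo() {
  const a = makeClient('identity-1/proc-a', 1000);
  const b = makeClient('identity-1/proc-b', 1005);
  return run(new NonceGate(), [a, b, a, b, a]);
}

console.log(sharedIdentityDemo().map((r) => `${r.nonce}:${r.ok}`).join(' '));
console.log(perProcessScopeDemo().map((r) => `${r.nonce}:${r.ok}`).join(' '));
```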

@martindale
Contributor

This may be relevant to bitpay/bitauth#13, though I wonder if nonce should be a part of BitAuth, or should remain in the BitPay API.

@martindale
Contributor

Continuing from the Reddit discussion:

Generating separate keypairs for each process is not a good solution. It's a manual operation, requiring a live person with access to the BitPay account to grant access for each process separately. We live in the PaaS era, when firing new processes is supposed to be a cheap and quick, even automatic operation.

This should be possible today; once the very first identity is created (and a corresponding token, containing the capability to authorize additional tokens), subsequent identity claims can be approved through the API by using this token. This is definitely a use case that has been on our mind that we aim to improve based on real-world use.

@braydonf

With the addition of API sessions, this issue should be good to close.

@pesho
Author

pesho commented Nov 21, 2014

It seems so. I'm closing the issue. Thanks to all involved in fixing it.

@pesho pesho closed this as completed Nov 21, 2014