Used 16 char length nonces (32-char OAuth nonces are rejected by some services)

Author: jaaufauvre

Mastercard.Developer.OAuth1Signer.Core/OAuth.cs

@@ -1,5 +1,6 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Security.Cryptography;
 using System.Text;
 using Mastercard.Developer.OAuth1Signer.Core.Utils;
@@ -13,6 +14,7 @@ namespace Mastercard.Developer.OAuth1Signer.Core
     public static class OAuth
     {
         public const string AuthorizationHeaderName = "Authorization";
+        private static readonly Random Random = new Random();
 
         /// <summary>
         /// Creates a Mastercard API compliant OAuth Authorization header.
@@ -210,9 +212,9 @@ private static byte[] Sha256Digest(string input, Encoding encoding)
         }
 
         /// <summary>
-        /// Generates a random string for replay protection as per https://tools.ietf.org/html/rfc5849#section-3.3.
+        /// Generates a 16 char random string for replay protection as per https://tools.ietf.org/html/rfc5849#section-3.3.
         /// </summary>
-        internal static string GetNonce() => Guid.NewGuid().ToString().Replace("-", string.Empty);
+        internal static string GetNonce() => string.Concat(Enumerable.Range(0, 16).Select(_ => Random.Next(16).ToString("x")));
 
         /// <summary>
         /// Returns UNIX Timestamp as required per https://tools.ietf.org/html/rfc5849#section-3.3.

Mastercard.Developer.OAuth1Signer.Tests/OAuthTest.cs

@@ -173,10 +173,13 @@ public void TestToUriRfc3986()
         }
 
         [TestMethod]
-        public void TestGetNonce_ShouldHaveLengthOf32()
+        public void TestGetNonce_ShouldHaveLengthOf16()
         {
-            var nonce = OAuth.GetNonce();
-            Assert.AreEqual(32, nonce.Length);
+            Enumerable.Range(0, 100000).ToList().ForEach(_ =>
+            {
+                var nonce = OAuth.GetNonce();
+                Assert.AreEqual(16, nonce.Length);
+            });
         }
     }
 }