shadowhand closed 8 years ago
:+1:
:+1: although this might be a bit more performant:
```php
class Crypto
{
    public function __construct()
    {
        $factory = new Factory();
        $generator = $factory->getMediumStrengthGenerator();
    }

    /**
     * Generate a random string.
     *
     * @param int $length Optional, defaults to 32
     *
     * @return string
     *
     * @see OAuth 1.0 RFC 5849 Section 3.3
     */
    public static function nonce($length = 32, $pool = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ')
    {
        return $this->generator->generateString($length, $pool);
    }
}
```
@paragonie-scott that wouldn't work, the `nonce` method is `static`. In a normal OAuth flow, it would only ever be called once per request.
The current method is not cryptographically secure.
https://paragonie.com/blog/2015/07/how-safely-generate-random-strings-and-integers-in-php
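
For reference, one way to get a cryptographically secure nonce while keeping `nonce()` static, so no generator has to be stored on an instance. This is an added example, not code from this thread or from the project; it assumes PHP 7+ for `random_int()`, and the `DEFAULT_POOL` constant is a hypothetical name.

```php
<?php
declare(strict_types=1);

final class Crypto
{
    // Hypothetical constant name; the value is the pool used in the thread.
    const DEFAULT_POOL = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';

    /**
     * Generate a nonce from the operating system CSPRNG.
     *
     * @param int    $length Number of characters to return
     * @param string $pool   Single-byte characters to draw from
     *
     * @return string
     */
    public static function nonce(int $length = 32, string $pool = self::DEFAULT_POOL): string
    {
        if ($length < 1) {
            throw new InvalidArgumentException('Nonce length must be at least 1.');
        }

        $chars = str_split($pool);
        if (count($chars) < 2) {
            throw new InvalidArgumentException('Pool must contain at least 2 characters.');
        }
        // A repeated character would be drawn more often than the others.
        if (count(array_unique($chars)) !== count($chars)) {
            throw new InvalidArgumentException('Pool must not contain duplicates.');
        }

        $max = count($chars) - 1;
        $nonce = '';
        for ($i = 0; $i < $length; $i++) {
            // random_int() is uniform over [0, $max], so there is no modulo
            // bias, and it throws instead of falling back to a weak source.
            $nonce .= $chars[random_int(0, $max)];
        }

        return $nonce;
    }
}

// Constructed usage: one nonce per request, as in a normal OAuth flow.
$nonce = Crypto::nonce();
$bits  = strlen($nonce) * log(strlen(Crypto::DEFAULT_POOL), 2);
printf("%s (%d chars, about %.1f bits of entropy)\n", $nonce, strlen($nonce), $bits);
```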