I tried to set up a personal OpenID server here at wordaligned. The process went smoothly enough and a couple of tests on my localhost suggested all was working so I deployed the changes. When I then tried logging in to a website using my shiny new identity I found that, not only had I cocked something up, but, as you can see from the query parameter in my browser’s address bar, the site thought I was a nonce.
Hey, I’m guilty of entering an invalid ID, but I’m no pervert!
In the UK, the term nonce (sometimes spelled “nonse”) is a slang word used to refer to a sex offender and/or child sexual abuser, and thus as an insult.
11.3. Checking the Nonce
To prevent replay attacks, the agent checking the signature keeps track of the nonce values included in positive assertions and never accepts the same value more than once for the same OP Endpoint URL.
Digging deeper, I learn that outside the world of crime and cryptography:
It’s mainly a term of trade among lexicographers and linguists and turns up also in phrases like nonce compound, nonce borrowing and nonce formation.