Preconditions

• Install Confluence and JIRA.
• Access them via HTTP.
• Ensure that remote confluence issue links are retrieved via REST (this is the default behaviour in JIRA 7.3.x)

Steps to reproduce:

1. Create an application link between Confluence and JIRA
2. On an issue, create a Confluence page link to at least three pages. The more, the more likely this error will occur.
3. Navigate to the global issue search page (e.g.,, http://yourjirainstance.com/issues/?jql=)
4. Put the issue navigator in to "details mode"
5. Select the issue with the page links so that it loads in to the detail panel.
6. Repeatedly render this issue in quick succession (e.g., use the j and k keyboard shortcuts to navigate away from and to the issue quickly)

Expected results

Every confluence page link should render correctly.

Actual results

Some of the requests for the rendered issue link will respond with an HTTP 500.

localhost.har.zip

An error appears in the server logs:

2017-07-13 22:18:03,648 http-nio-8090-exec-20 ERROR bob 1338x5557x2 1csbprt 0:0:0:0:0:0:0:1 /rest/viewIssue/1/remoteIssueLink/render/10002 [c.a.j.p.v.issuelink.rest.RemoteIssueLinkResource] Error occurred while generating final HTML for remote issue link: java.lang.RuntimeException: java.io.IOException: Failed to load Confluence Page from remote server Caused by: java.io.IOException: Failed to load Confluence Page from remote server Caused by: com.atlassian.applinks.internal.common.auth.oauth.OAuthMessageProblemException: OAuth authentication failed: nonce_used

Notes

This seems to be a request timing problem, in which OAuth suspects the legitimate client requests to the remote instance are in fact replay attacks over an insecure HTTP connection.