nonce usage in authentication

Backend Unresolved 2 1958
伪装坚强ぢ 2021-02-04 05:38

In digest-based authentication, the nonce is generated by the server. However, in OAuth-based authentication, the nonce is generated by the client. I want to know if anyone knows the reason for

2 answers
  •  鱼传尺愫
    2021-02-04 05:42

    Firstly, sometimes clients do provide a nonce in digest auth, but mainly it relies on the server (see RFC 2617).

    Secondly, because if you think of the authentication procedure in terms of a handshake, then with OAuth, when you already have a token, you've been through half of the handshake: you've already spoken with the server, so your next move is to contact the server with your service request. This needs to be protected by a nonce too, so you provide it.

    Or, the converse: I already have the token, so why would I contact the server to get a nonce so that I could then contact the server again with my service request? I might make 1000 service requests; by producing my own nonces, it cuts down on 2000 bits of network traffic that were unneeded.
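The two nonce models the answer contrasts, as an added example that is not from this thread or from any digest/OAuth library: a server-minted nonce (digest style) can be verified statelessly, while a client-minted nonce (OAuth 1.0 style) forces the server to remember what it has seen inside the accepted time window. The secret, TTL and the simplified nonce format are assumptions for the illustration.

```python
"""Constructed example: replay handling for server-minted vs client-minted nonces."""
import hmac
import hashlib

SECRET = b"server-side-key-placeholder"  # assumed server secret, not a real key
NONCE_TTL = 300  # assumed acceptance window in seconds


# --- Digest style: the server mints the nonce in its challenge and verifies it on return ---
def _tag(ts: str) -> str:
    return hmac.new(SECRET, ts.encode(), hashlib.sha256).hexdigest()[:32]


def issue_server_nonce(now: float) -> str:
    """Timestamp plus HMAC: the server can later verify the nonce without storing it."""
    ts = str(int(now))
    return f"{ts}:{_tag(ts)}"


def verify_server_nonce(nonce: str, now: float) -> bool:
    """Accept only nonces this server minted, and only inside the TTL (stale nonce -> re-challenge)."""
    try:
        ts, tag = nonce.split(":", 1)
        age = now - int(ts)
    except ValueError:
        return False
    return 0 <= age <= NONCE_TTL and hmac.compare_digest(tag, _tag(ts))


# --- OAuth 1.0 style: the client mints the nonce, so the server must track it to stop replays ---
class ClientNonceStore:
    """Remembers (consumer_key, timestamp, nonce) triples seen inside the window."""

    def __init__(self, window: int = NONCE_TTL):
        self.window = window
        self._seen = {}  # (consumer_key, timestamp, nonce) -> timestamp

    def accept(self, consumer_key: str, timestamp: int, nonce: str, now: float) -> bool:
        now_i = int(now)
        # Drop entries that have fallen out of the window; a replay of those is
        # already rejected by the timestamp check, so they need not be remembered.
        for key in [k for k, ts in self._seen.items() if abs(now_i - ts) > self.window]:
            del self._seen[key]
        if abs(now_i - timestamp) > self.window:
            return False  # too old or too far in the future
        key = (consumer_key, timestamp, nonce)
        if key in self._seen:
            return False  # replayed request
        self._seen[key] = timestamp
        return True
```

The store is per process; a real deployment behind several servers needs a shared store (or a scheme like the HMAC nonce above) so one node cannot accept what another already saw.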
