Can someone share the best practices for creating a nonce for an OAuth request in Python?
While this probably does not exist at the time of this question creation, Python 3.6 introduced the secrets module which is meant for generating cryptographically strong random numbers suitable for managing data such as passwords, account authentication, security tokens, and related secrets.
In this case, generating a nonce can be generated easily (here a base64 encoded string):
nonce = secrets.token_urlsafe()
Alternatives are token_bytes to get a binary token or token_hex to get an hexadecimal string.