According tohttps://oauth.net/core/1.0a/#nonce

[...] the timestamp is expressed in the number of seconds since January 1, 1970 00:00:00 GMT [...]

The current implementation ofcom.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis() returnsSystem.currentTimeMillis();.
I think that this fulfills the specification only when the application runs in GMT time zone.

My application is running in Germany. And for a requests to a server my application got the answer "oauth_timestamp missing or invalid".
In the API docs there is a hint that "[...] requests where the timestamp differs more than 10 minutes from the current UTC time will fail."

Changing the implementation ofcom.github.scribejava.core.services.TimestampServiceImpl.Timer.getMilis() toreturn Instant.now().getEpochSecond()*1000L; works fine.
So I think that this should be the general implementation to have an oauth_timestamp independently from the system's time.