nonces should be checked only within given timestamp
According to OAuth Core 1.0/1.0a:
The Consumer SHALL then generate a Nonce value that is unique for all requests with that timestamp. A nonce is a random string, uniquely generated for each request. The nonce allows the Service Provider to verify that a request has never been made before and helps prevent replay attacks when requests are made over a non-secure channel (such as HTTP).
Nonce model should have indexed timestamp field. There would be also nice to have some setting which allows to deny requests with timestamp older then specified period. Nonces then could be periodically purged from db (like django sessions stored in db backend).