External auth fails with "invalid nonce" depending on server timezone

[bjammin]

It seems the time in the issued nonce is in UTC, but this is being compared against the local time by ExternalAuthController.

Proposed fix:
ExternalAuthController.cs

if (nonce.Created.AddMinutes(30) < DateTime.UtcNow)

Sorry for raising this as an issue, I'm not sure if you're open to pull requests.

[mrellipse]

coded a fix. will include in deployment for next release