We decided that SIWE nonces should be valid for 30 minutes. In this diff we clean up stale nonces that are no longer valid from the siwe_nonces table every 24 hours as part of a cron job.
But doesn't that mean that a nonce could be valid for far longer than 30 minutes?
We're also going to be checking the creation_time of the nonce on every request to ensure that it's <30 minutes old. This is more to reduce clutter in the siwe_nonces table.