Skip to content
This repository has been archived by the owner on Dec 16, 2020. It is now read-only.

'nonce' is required in Implicit Flow #3

Open
tomkuipers opened this issue Dec 17, 2018 · 0 comments
Open

'nonce' is required in Implicit Flow #3

tomkuipers opened this issue Dec 17, 2018 · 0 comments
Assignees
@quartje

Comments

@tomkuipers
Copy link
Contributor

According to the OpenID Connect specification 'nonce' is required in the authentication request for the Implicit Flow: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest. It is however missing in the Implicit Flow auth request.
In the Authorization Code Flow 'nonce' is optional: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@quartje quartje

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tomkuipers @quartje