[Openid-specs-ab] Question on nonce

John Bradley ve7jtb at ve7jtb.com
Wed Aug 24 15:10:54 UTC 2011


The nonce ties the session to the issued id_token.  

The RP generates the nonce.  

The IdP MUST pass the nonce through unchanged to the id_token.
The IdP MUST NOT reject duplicates.

The OAuth state parameter not being signed in the response is designed to stop XSRF, but not other cut and paste attacks that might happen in the browser.

As an RP / Web Server Client, I would use a hash of the session cookie as the nonce and state value.

That way when I get the id_token in either the fragment via the implicit flow or from the token endpoint in the code flow, I can be certain that it relates to a particular session, and is not the result of a cut and paste attack in the browser using a stolen token.

The reason for the IdP to not reject duplicate nonce is that it might legitimately be a second request bound to an existing session.

Thanks for the question.  That needs to be clearer.

Mind you this only protects SSL RPs, as if you can Firesheep someone's session you would also get the session cookie.  (Non-SSL RPs over open wireless are not possible to protect)


John B.


On 2011-08-24, at 12:59 AM, Andreas Åkre Solberg wrote:

> I cannot find a good description of the purpose of the nonce parameter. I believe there can be more than one answer to that.
> 
> Is the provider expected to not accept nonce values that have been used in the past? 
> 
> Andreas
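The binding Bradley describes above, worked through as an added example (it is not code from the thread or from any OpenID implementation): the RP derives nonce and state from its session cookie, the IdP copies the nonce through unchanged without checking for duplicates, and on return the RP accepts the id_token only if the nonce claim belongs to the session that is presenting it. Assumptions: a keyed hash (HMAC) stands in for the plain "hash of the session cookie" so the value sent to the IdP cannot be reversed into the cookie; the id_token is modelled as a bare claims dict (JWT signature verification is omitted); all client ids, issuer URLs and cookie values are constructed.

```python
import hashlib
import hmac
from typing import Tuple

# Constructed server-side key; a real RP would hold a long-lived random secret.
RP_NONCE_KEY = b"constructed-rp-nonce-key-for-illustration-only"


def nonce_for_session(session_cookie: str, key: bytes = RP_NONCE_KEY) -> str:
    """Derive the nonce (and state) from the session cookie.

    Assumption: HMAC-SHA256 instead of a plain hash, so the value handed to
    the IdP cannot be turned back into the cookie. It is stable for the life
    of the session, which is why a repeat login reuses the same nonce.
    """
    return hmac.new(key, session_cookie.encode(), hashlib.sha256).hexdigest()


def build_authorization_request(session_cookie: str, client_id: str, redirect_uri: str) -> dict:
    """RP side: nonce and state are both bound to the caller's session."""
    nonce = nonce_for_session(session_cookie)
    return {
        "response_type": "id_token",  # implicit flow; the code flow carries the same nonce
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "nonce": nonce,
        "state": nonce,
    }


def idp_issue_id_token(request: dict, subject: str, issuer: str) -> dict:
    """IdP side (simulated): pass the nonce through unchanged and never reject
    a duplicate, since a second request from one session legitimately repeats it.
    Only the claims are modelled; a real id_token is a signed JWT."""
    return {
        "iss": issuer,
        "sub": subject,
        "aud": request["client_id"],
        "nonce": request["nonce"],
    }


def rp_validate_response(session_cookie: str, state: str, id_token: dict,
                         client_id: str, issuer: str) -> Tuple[bool, str]:
    """RP side: accept the id_token only if state AND the nonce claim match the
    value derived from the session presenting them. state alone catches XSRF;
    the nonce also catches a stolen token pasted into an otherwise valid flow."""
    expected = nonce_for_session(session_cookie)
    if not hmac.compare_digest(state, expected):
        return False, "state does not belong to this session (possible XSRF)"
    if id_token.get("iss") != issuer:
        return False, "unexpected issuer"
    if id_token.get("aud") != client_id:
        return False, "id_token issued for a different client"
    if not hmac.compare_digest(id_token.get("nonce", ""), expected):
        return False, "nonce does not belong to this session (token cut-and-paste)"
    return True, "ok"


def cut_and_paste_scenario() -> dict:
    """Two sessions at one RP; a token issued to session A is replayed in session B."""
    client_id, redirect_uri, issuer = "rp-client-1", "https://rp.example/cb", "https://idp.example"
    cookie_a, cookie_b = "sid-a-1f9c", "sid-b-77e0"  # constructed session cookies

    req_a = build_authorization_request(cookie_a, client_id, redirect_uri)
    token_a = idp_issue_id_token(req_a, "alice", issuer)
    legitimate = rp_validate_response(cookie_a, req_a["state"], token_a, client_id, issuer)

    # Whole response from A pasted into B's browser: state check fails first.
    xsrf = rp_validate_response(cookie_b, req_a["state"], token_a, client_id, issuer)

    # B's own login, but A's stolen id_token swapped into the fragment: state is
    # correct, so only the nonce check catches it.
    pasted_token = rp_validate_response(cookie_b, nonce_for_session(cookie_b), token_a,
                                        client_id, issuer)

    # A second login from session A reuses the nonce and the IdP still issues a token.
    req_a2 = build_authorization_request(cookie_a, client_id, redirect_uri)
    token_a2 = idp_issue_id_token(req_a2, "alice", issuer)
    repeat = rp_validate_response(cookie_a, req_a2["state"], token_a2, client_id, issuer)

    return {
        "legitimate": legitimate,
        "xsrf": xsrf,
        "pasted_token": pasted_token,
        "repeat": repeat,
        "same_nonce": req_a["nonce"] == req_a2["nonce"],
    }


if __name__ == "__main__":
    for name, outcome in cut_and_paste_scenario().items():
        print(f"{name}: {outcome}")
```

The `pasted_token` case is the one the thread is about: the attacker lets the victim start a normal login so state is right, then substitutes a token captured elsewhere; only the nonce check, tied to the session cookie the victim's browser sends, rejects it. As Bradley notes, this holds only when that cookie cannot itself be sniffed, i.e. the RP is served over SSL.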
