[Openid-specs-ab] nonce for code+id_token flow

Chunlei Niu (牛春雷) niuchl at google.com
Tue Apr 8 00:30:10 UTC 2014


Hey,

We are implementing nonce support for the code flow, and find that the
behavior of code + id_token flow is not well defined in the spec. It
doesn't seem right to generate two id tokens (one for each response type)
with the same nonce.

Any ideas?

Thanks.
- Chunlei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140407/225d4199/attachment.html>


More information about the Openid-specs-ab mailing list