[Openid-specs-ab] nonce for code+id_token flow

Mike Jones Michael.Jones at microsoft.com
Mon Apr 21 23:35:17 UTC 2014


John Bradley plans to reply, but hadn’t seen the message, so I’m reply-all’ing…

From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Chunlei Niu (???)
Sent: Monday, April 07, 2014 5:30 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] nonce for code+id_token flow

Hey,

We are implementing nonce support for the code flow, and find that the behavior of code + id_token flow is not well defined in the spec. It doesn't seem right to generate two id tokens (one for each response type) with the same nonce.

Any ideas?

Thanks.
- Chunlei
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20140421/c5a90710/attachment.html>


More information about the Openid-specs-ab mailing list