[Openid-specs-ab] nonce for code+id_token flow
Michael.Jones at microsoft.com
Mon Apr 21 23:35:17 UTC 2014
John Bradley plans to reply, but hadn’t seen the message, so I’m reply-all’ing…
From: openid-specs-ab-bounces at lists.openid.net [mailto:openid-specs-ab-bounces at lists.openid.net] On Behalf Of Chunlei Niu (???)
Sent: Monday, April 07, 2014 5:30 PM
To: openid-specs-ab at lists.openid.net
Subject: [Openid-specs-ab] nonce for code+id_token flow
We are implementing nonce support for the code flow, and find that the behavior of code + id_token flow is not well defined in the spec. It doesn't seem right to generate two id tokens (one for each response type) with the same nonce.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openid-specs-ab