[Openid-specs-ab] Issue #972: Nonce requirement in hybrid auth request (openid/connect)

Vladimir Dzhuvinov issues-reply at bitbucket.org
Sat Jul 25 08:13:27 UTC 2015


New issue 972: Nonce requirement in hybrid auth request
https://bitbucket.org/openid/connect/issues/972/nonce-requirement-in-hybrid-auth-request

Vladimir Dzhuvinov:

I noticed that Core doesn't specify the conditions when nonce is
required in hybrid authentication requests:

http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest

Shouldn't there be a sentence that nonce is required when response_type
is "code id_token" or "code id_token token" (and optional with "code
token")?

The hybrid example seems correct.

Cheers,

Vladimir
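
The rule proposed in the message above, written as a check an OpenID Provider could run on an incoming hybrid authentication request. This is an added example, not part of the original post or of the specification text; the function name, the host `op.example.com` and the sample parameter values are constructed.

```python
from urllib.parse import urlsplit, parse_qs

# The three hybrid response_type values named in the message above.
# response_type is a space-delimited set, so order is not significant.
HYBRID = {frozenset(v.split()) for v in
          ("code id_token", "code token", "code id_token token")}


def check_hybrid_nonce(auth_request_url):
    """Return (ok, reason) for a hybrid authentication request URL.

    Applies the proposed rule: nonce is required when id_token is part of
    the response_type, and optional for "code token".
    """
    query = urlsplit(auth_request_url).query
    params = parse_qs(query, keep_blank_values=True)

    rt_values = params.get("response_type", [])
    if len(rt_values) != 1:
        return False, "response_type must appear exactly once"
    rt = frozenset(rt_values[0].split())
    if rt not in HYBRID:
        return False, "not a hybrid response_type"

    nonces = params.get("nonce", [])
    if len(nonces) > 1:
        return False, "nonce must not be repeated"
    # An empty nonce= parameter is treated the same as a missing one.
    has_nonce = bool(nonces and nonces[0])

    if "id_token" in rt and not has_nonce:
        return False, "nonce required when id_token is requested"
    return True, ("nonce present" if has_nonce else "nonce optional")


if __name__ == "__main__":
    base = "https://op.example.com/authorize?client_id=client123&scope=openid"
    for extra in ("&response_type=code%20id_token&nonce=n-0S6_WzA2Mj",
                  "&response_type=code%20id_token%20token",
                  "&response_type=code%20token"):
        print(extra, "->", check_hybrid_nonce(base + extra))
```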




