[Openid-specs-fapi] Issue #187: Part 1 client requirements for state/nonce aren't reflected as authorization server requirements (openid/fapi)

Joseph Heenan issues-reply at bitbucket.org
Tue Nov 6 09:31:19 UTC 2018


New issue 187: Part 1 client requirements for state/nonce aren't reflected as authorization server requirements
https://bitbucket.org/openid/fapi/issues/187/part-1-client-requirements-for-state-nonce

Joseph Heenan:

Part 1 requires clients to send nonce (if openid is requested in scope) and state otherwise.

I am thinking that there should be a clause in the authorization server section that means the server requires state/nonce as appropriate and rejects requests without them.
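
One way an authorization server could enforce the check proposed above, as an added example that is not part of the original post or of the FAPI specification text. The function names, the returned dict shape, and the choice of the RFC 6749 `invalid_request` error code are assumptions, and the sample requests are constructed.

```python
from urllib.parse import parse_qs


def reject(description: str, params: dict) -> dict:
    """Build an RFC 6749-style error result (hypothetical shape for this example)."""
    result = {"ok": False, "error": "invalid_request",
              "error_description": description}
    # Echo state back only when the client sent exactly one non-empty value.
    state = params.get("state", [])
    if len(state) == 1 and state[0].strip():
        result["state"] = state[0]
    return result


def check_state_nonce(query: str) -> dict:
    """Validate state/nonce presence on a raw authorization request query string.

    Rule from the issue: nonce is required when scope contains openid,
    state is required otherwise.
    """
    params = parse_qs(query, keep_blank_values=True)

    # A repeated parameter is ambiguous, so refuse it rather than pick one value.
    for name in ("scope", "state", "nonce"):
        if len(params.get(name, [])) > 1:
            return reject(f"{name} must not be repeated", params)

    # scope is a space-delimited list; match the exact token, not a substring.
    scopes = params.get("scope", [""])[0].split()
    required = "nonce" if "openid" in scopes else "state"

    # Treat an empty or whitespace-only value the same as a missing one.
    if not params.get(required, [""])[0].strip():
        return reject(f"{required} is required for this request", params)
    return {"ok": True, "required": required}


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    for q in ("scope=openid+accounts&nonce=n-0S6_WzA2Mj",
              "scope=openid+accounts&state=af0ifjsldkj",
              "scope=accounts&nonce=n-0S6_WzA2Mj",
              "scope=accounts&state=a&state=b"):
        print(q, "->", check_state_nonce(q))
```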



