[Openid-specs-ab] Another question regarding nonce
Sascha Preibisch
spreibisch at layer7tech.com
Fri Nov 30 00:27:16 UTC 2012
Hi!
I tried to find an answer for my question in older mailing list posts but I did not find it.
I would like to know if a basic client profile client should pass in the optional "nonce" parameter with the initial authorization request or when requesting an "access_token" in exchange for the "code". I assume the spec refers to the initial request.
As a client I do not really care when it has to be passed in. But as a server I would prefer to receive the "nonce" when the client exchanges the "code" for an "access_token".
Thanks,
Sascha
Sascha Preibisch
Senior Software Developer, Tactical Team
Layer 7 Technologies
405-1100 Melville St. Vancouver BC, V6E 4A6
spreibisch at layer7tech.com<mailto:spreibisch at layer7tech.com>
(778) 328-5288
http://www.layer7tech.com
[cid:image001.png at 01CDCE4D.C0E8D360]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121129/4acfb490/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 4841 bytes
Desc: image001.png
URL: <http://lists.openid.net/pipermail/openid-specs-ab/attachments/20121129/4acfb490/attachment.png>
More information about the Openid-specs-ab
mailing list