[Openid-specs-ab] Issue #6: Need test for ID Token has nonce when requested for non-code flows (openid/certification)
Michael Jones
issues-reply at bitbucket.org
Thu Jan 22 00:00:07 UTC 2015
New issue 6: Need test for ID Token has nonce when requested for non-code flows
https://bitbucket.org/openid/certification/issue/6/need-test-for-id-token-has-nonce-when
Michael Jones:
This test should request a nonce value with the nonce= request parameter and verify that the ID Token returned contains the requested nonce value. The spreadsheet currently says that OP-B-07 (Includes at_hash in ID Token when Implicit Flow is Used) tests this, but even if it does, this test isn't included in the hybrid flows or the id_token flow, and so this isn't the right place to test this. It should be its own test.
More information about the Openid-specs-ab
mailing list