[Openid-specs-ab] Nonce requirement in hybrid auth request
Vladimir Dzhuvinov
vladimir at connect2id.com
Tue Jul 7 09:07:52 UTC 2015
Hello guys,
I noticed that Core doesn't specify the conditions when nonce is
required in hybrid authentication requests:
http://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest
Shouldn't there be a sentence that nonce is required when response_type
is "code id_token" or "code id_token token" (and optional with "code
token")?
The hybrid example seems correct.
Cheers,
Vladimir
--
Vladimir Dzhuvinov
More information about the Openid-specs-ab
mailing list