[Openid-specs-ab] Issue #1356: SIOP request, parameters state and nonce (openid/connect)
chrisiba
issues-reply at bitbucket.org
Sat Nov 13 11:19:22 UTC 2021
New issue 1356: SIOP request, parameters state and nonce
https://bitbucket.org/openid/connect/issues/1356/siop-request-parameters-state-and-nonce
Christina Bauer:
As of now the `state` parameter (RECOMMENDED by OpenID Core Section 3.1.2.1) is missing in the request parameters.
I suggest either
* adding it to the request parameter list or
* making explicit that the parameter list is merely an extension of the parameters given for the OpenID Core Implicit Flow.
Similarly, `nonce` (REQUIRED for the Implicit Flow) is not listed. The current hint “Since it is an Implicit Flow response, `nonce` Claim MUST be present.” seems confusing to me, since a nonce PARAMETER is required, and this might lead to confusion with the `claims` parameter.