[Openid-specs-ab] Nonce value suggestion for the Implicit Flow

George Fletcher gffletch at aol.com
Fri Oct 25 13:17:42 UTC 2013


If we are going to give guidance, then we really need to give guidance 
for two different use cases...

1. The "client" will validate the response locally in the browser
2. The "client" will validate the response at its server (even though 
it's using the implicit flow)

For use case 1: One method to achieve this is for the client to generate 
a random string with sufficient entropy and store a SHA-1 hash of the 
string in local storage. Then use the SHA-1 hash of the random string as 
the value of the nonce parameter. To validate the nonce on receipt of 
the ID Token, extract the nonce from the ID Token and compare it to the 
stored SHA-1 hash in local storage.

For use case 2: One method to achieve this is for the backend server to 
use a SHA-1 hash of the "client's" protected session cookie as the value 
of the nonce parameter when constructing the AuthorizationRequest. Note 
that the Session cookie SHOULD be protected (restricted to SSL and not 
readable by JavaScript) for this method. To validate the ID Token at the 
server, the server calculates a SHA-1 hash of the Session cookie value 
and compares that to the nonce value in the ID Token.

I don't know where the best place is to provide this guidance. If we 
have a "validating the ID Token" sub-section in the new ID Token 
section, then maybe it would best fit there.

Thanks,
George

On 10/24/13 7:16 PM, John Bradley wrote:
> We want the implicit flow to validate nonce,  it would be better to 
> have some reasonable advice for using HTML local storage rather than 
> session cookies.
>
> On 2013-10-24, at 3:44 PM, Mike Jones <Michael.Jones at microsoft.com 
> <mailto:Michael.Jones at microsoft.com>> wrote:
>
>> We could drop it from the Implicit Flow, as it’s already present in 
>> the Code Flow.  Does that work for people?
>> -- Mike
>> From: Richer, Justin P. [mailto:jricher at mitre.org <http://mitre.org>]
>> Sent: Thursday, October 24, 2013 12:56 PM
>> To: Mike Jones
>> Cc: openid-specs-ab at lists.openid.net 
>> <mailto:openid-specs-ab at lists.openid.net>
>> Subject: Re: [Openid-specs-ab] Nonce value suggestion for the 
>> Implicit Flow
>> I'm actually in favor of dropping this example, or else providing it 
>> in a list of alternatives. The important thing is that the client can 
>> validate the exact value of the nonce parameter on its way back 
>> through, the mechanics of how that happens are client specific (but 
>> we can provide simple guidance).
>>  -- Justin
>> On Oct 24, 2013, at 11:44 AM, Mike Jones <Michael.Jones at microsoft.com 
>> <mailto:Michael.Jones at microsoft.com>>
>>  wrote:
>>
>>
>> For the Implicit Flow, the “nonce” description contains this text 
>> at http://openid.bitbucket.org/openid-connect-core-1_0.html#ImplicitAuthorizationRequest:
>> Sufficient entropy MUST be present in the nonce values used to prevent 
>> attackers from guessing values. One method to achieve this is to store 
>> a random value as a signed session cookie, and pass the value in 
>> the nonce parameter. In that case, the nonce in the returned ID Token can 
>> be compared to the signed session cookie to detect ID Token replay by 
>> third parties.
>> George wrote this about the suggestion in his review:
>> “I'm not sure this suggestion makes sense for the implicit flow. The 
>> client would need to write a cookie value on the domain of the 
>> redirect_uri and the attempt to read it on the return of the implicit 
>> flow. Wondering if a local storage example would make more sense.”
>> Do people agree with him?  If so, does someone want to supply 
>> specific alternative text to use?
>> -- Mike
>> _______________________________________________
>> Openid-specs-ab mailing list
>> Openid-specs-ab at lists.openid.net 
>> <mailto:Openid-specs-ab at lists.openid.net>
>> http://lists.openid.net/mailman/listinfo/openid-specs-ab

-- 
George Fletcher <http://connect.me/gffletch>