[Openid-specs-ab] Hybrid Flow | nonce | required or optional?

Brian Campbell bcampbell at pingidentity.com
Thu Jan 10 20:14:23 UTC 2019


Looks good to me, thanks Mike.



On Thu, Jan 10, 2019 at 12:33 PM Mike Jones via Openid-specs-ab <
openid-specs-ab at lists.openid.net> wrote:

> I believe that the nonce edits in the current editor's draft at
> https://openid.bitbucket.io/connect/openid-connect-core-1_0.html#HybridAuthRequest
> and
> https://openid.bitbucket.io/connect/openid-connect-core-1_0.html#HybridIDToken
> finish addressing this issue in a way that reflects the working group
> consensus. Please review.
>
>
>
>                                                 -- Mike
>
>
>
> *From:* Christian Mainka <Christian.Mainka at rub.de>
> *Sent:* Friday, December 21, 2018 2:33 AM
> *To:* openid-specs-ab at lists.openid.net
> *Cc:* vladislav.mladenov at rub.de; n-sakimura at nri.co.jp; ve7jtb at ve7jtb.com;
> Mike Jones <Michael.Jones at microsoft.com>; breno at google.com;
> cmortimore at salesforce.com
> *Subject:* [Openid-specs-ab] Hybrid Flow | nonce | required or optional?
>
>
>
> Hi,
>
> we are unsure if *nonce* is OPTIONAL or REQUIRED in the Hybrid Flow.
>
> ·  *Hybrid Flow => ID Token* (Section 3.3.2.11
> <https://openid.net/specs/openid-connect-core-1_0.html#HybridIDToken>)
> states *nonce* is REQUIRED.
>
> ·  *Hybrid Flow => Authentication Request* (Section 3.3.2.1
> <https://openid.net/specs/openid-connect-core-1_0.html#HybridAuthRequest>)
> refers to *Code => Authentication Request* (Section 3.1.2.1
> <https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest>),
> where *nonce* is OPTIONAL.
>
> What does this mean for the case in which no nonce is used in the
> Authentication Request (OPTIONAL: nonce)?
> Does the IdP have to generate its own nonce and include it in the ID Token
> (REQUIRED: nonce)?
>
> Or is this a bug in the specification?
>
> Best Regards
> Vladislav/Christian
>
> --
>
> Dr.-Ing. Christian Mainka
>
> Horst Görtz Institute for IT-Security
>
> Chair for Network and Data Security
>
> Ruhr-University Bochum, Germany
>
>
>
> Universitätsstr. 150, ID 2/463
>
> D-44801 Bochum, Germany
>
>
>
> Telefon: +49 (0) 234 / 32-26796
>
> Fax: +49 (0) 234 / 32-14347
>
> http://nds.rub.de/chair/people/cmainka/
>
> @CheariX
>



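An added example, not part of the original thread or of the OpenID Connect specification text: a Relying Party that sidesteps the ambiguity raised above by always sending a nonce on hybrid requests that return an ID Token from the authorization endpoint, and rejecting any ID Token whose nonce claim is missing or different. The function names, endpoint and client values are hypothetical, and the claims are assumed to come from an ID Token whose signature has already been verified.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Hybrid response types that return an ID Token from the authorization endpoint.
HYBRID_WITH_ID_TOKEN = {"code id_token", "code id_token token"}


def build_hybrid_request(authz_endpoint, client_id, redirect_uri,
                         response_type="code id_token"):
    """Return (url, state, nonce); the RP stores state and nonce in the user's session."""
    if response_type not in HYBRID_WITH_ID_TOKEN:
        raise ValueError("example covers hybrid flows that return an ID Token")
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)  # always sent, whatever the request text allows
    params = {
        "response_type": response_type,
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": "openid",
        "state": state,
        "nonce": nonce,
    }
    return authz_endpoint + "?" + urlencode(params), state, nonce


def check_nonce(id_token_claims, session_nonce):
    """Check the nonce claim of an already signature-verified ID Token.

    Returns (ok, reason). A missing claim is rejected just like a mismatch.
    """
    if not session_nonce:
        return False, "no nonce stored for this session"
    claim = id_token_claims.get("nonce")
    if not isinstance(claim, str) or not claim:
        return False, "ID Token has no nonce claim"
    # Constant-time comparison of the returned claim with the session value.
    if not hmac.compare_digest(claim.encode(), session_nonce.encode()):
        return False, "nonce mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed values for illustration only (hypothetical OP and RP).
    url, _state, nonce = build_hybrid_request(
        "https://op.example/authorize", "client-123", "https://rp.example/cb")
    print(url)
    print(check_nonce({"sub": "u1", "nonce": nonce}, nonce))
    print(check_nonce({"sub": "u1"}, nonce))
```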