<div dir="auto"><div>There are valid use cases for front-channel ID Tokens, as I understand it, unlike in the case of access tokens. <br><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, Jul 25, 2023 at 10:23, David Waite &lt;<a href="mailto:david@alkaline-solutions.com">david@alkaline-solutions.com</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div style="line-break:after-white-space">If OIDC 1.1 removed implicit, could we not just require PKCE and align with OAuth 2.1 work?<div><br></div><div>-DW<br><div><br><blockquote type="cite"><div>On Jul 24, 2023, at 6:01 PM, Nat Sakimura via Openid-specs-ab &lt;<a href="mailto:openid-specs-ab@lists.openid.net" target="_blank" rel="noreferrer">openid-specs-ab@lists.openid.net</a>&gt; wrote:</div><br><div><div dir="ltr"><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">For those of you who are in IETF, hope you are having a good time. 
</div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">Here is a vulnerability reported by Frans Rosén <a href="https://gitlab.com/gitlab-org/gitlab/-/issues/362394" style="background-color:transparent;box-sizing:border-box;color:rgb(17,158,77);text-decoration-line:none" target="_blank" rel="noreferrer">https://gitlab.com/gitlab-org/gitlab/-/issues/362394</a></div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">and <a href="https://user-content.gitlab-static.net/36d11caeb269229319a2912b9719ed1d55ec1af9/68747470733a2f2f68312e7365632e6769746c61622e6e65742f612f35616565376137322d643935372d343265652d393631652d3362393436613564323538642f6769746c61622d68696a61636b2e6d7034" style="box-sizing:border-box;color:rgb(17,158,77);text-decoration-line:none;background-color:transparent" target="_blank" rel="noreferrer">https://user-content.gitlab-static.net/36d11caeb269229319a2912b9719ed1d55ec1af9/68747470733a2f2f68312e7365632e6769746c61622e6e65742f612f35616565376137322d643935372d343265652d393631652d3362393436613564323538642f6769746c61622d68696a61636b2e6d7034</a></div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">Maybe we should make nonce mandatory in OpenID Connect 1.1. 
</div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">Also, stronger recommendations on the use of request objects. </div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">Best, </div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px"><br></div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px">Nat Sakimura</div><div style="box-sizing:border-box;margin:0px 0px 0.7em;color:rgb(41,48,48);font-family:helvetica,'Segoe UI',游ゴシック体,YuGothic,'\006e38\0030b4\0030b7\0030c3\0030af  Medium','Yu Gothic Medium',游ゴシック,'Yu Gothic',メイリオ,Meiryo,sans-serif;font-size:17px"><br></div></div>
</div></blockquote></div><br></div></div></blockquote></div></div></div>