[Openid-specs-fapi] Issue #187: Part 1 client requirements for state/nonce aren't reflected as authorization server requirements (openid/fapi)
issues-reply at bitbucket.org
Tue Nov 6 09:31:19 UTC 2018
New issue 187: Part 1 client requirements for state/nonce aren't reflected as authorization server requirements
Part 1 requires clients to send nonce (if openid is requested in scope) and state otherwise.
I am thinking that there should be a clause in the authorization server section that means the server requires state/nonce as appropriate and rejects requests without them.
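
One way an authorization server could enforce the check proposed above, as an added example that is not part of the original issue or of the FAPI specification text. The function name, the choice of the OAuth 2.0 `invalid_request` error for the rejection, the treatment of repeated parameters as missing, and the sample URLs are assumptions.

```python
from urllib.parse import parse_qs, urlsplit


def check_state_nonce(authorization_url):
    """Return None if the request carries the required parameter,
    otherwise a dict of OAuth 2.0 error response parameters.

    Rule from the issue: nonce is required when "openid" is in scope,
    state is required otherwise.
    """
    query = urlsplit(authorization_url).query
    params = parse_qs(query, keep_blank_values=True)

    def single(name):
        # Assumption: a repeated parameter is treated like a missing one.
        values = params.get(name, [])
        return values[0] if len(values) == 1 else None

    # scope is a space-delimited list; match "openid" as a whole token,
    # so values such as "openid2" do not switch the rule.
    scopes = (single("scope") or "").split()
    required = "nonce" if "openid" in scopes else "state"

    if single(required):  # present and non-empty
        return None

    error = {
        "error": "invalid_request",
        "error_description": f"missing required parameter: {required}",
    }
    # Echo state back when the client did send one.
    state = single("state")
    if state:
        error["state"] = state
    return error


# Constructed sample requests (hypothetical host and client_id).
BASE = "https://as.example.com/authorize?response_type=code&client_id=c1"
SAMPLES = [
    BASE + "&scope=openid+accounts&nonce=n-0S6_WzA2Mj",
    BASE + "&scope=openid+accounts&state=af0ifjsldkj",
    BASE + "&scope=accounts&state=af0ifjsldkj",
    BASE + "&scope=accounts",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(check_state_nonce(url) or "accepted")
```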