openid / connect / issues / #1266 - Remove misleading self-issued language that seems to imply that nonce is optional — Bitbucket

Issue #1266 resolved

Michael Jones created an issue 2021-07-13

In bullet 8 of https://openid.net/specs/openid-connect-core-1_0.html#SelfIssuedValidation, the language “If a nonce value was sent in the Authentication Request“ is misleading, and should be removed. Nonce is already required for the Implicit flow at https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest - including for response_type=id_token.

This problem was first identified in issue ~~#1265~~.

Comments (3)

Nat Sakimura
- changed status to open
To be applied in the next errata.
- 2021-08-09T23:58:01+00:00
Michael Jones reporter
Will be fixed by https://bitbucket.org/openid/connect/pull-requests/336/errata-removed-misleading-self-issued
- 2022-10-20T17:24:28+00:00
Michael Jones reporter
- changed status to resolved
Addressed by the now-merged PR
- 2022-10-29T19:02:26+00:00
Log in to comment

Assignee: Michael Jones

Type: bug

Priority: minor

Status: resolved

Component: Core

Milestone: Errata

Version: –

Votes: 0

Watchers: 1

Jira: the preferred issue tracker for Bitbucket. Join the team!