Basic - nonce verification not specified

Issue #81 resolved
created an issue

Step 1 does not specify what constitutes a valid nonce (a previously issued but not previously used value).

Comments (3)

  1. Nat Sakimura


    If the authentication request contained a nonce, check that the returned nonce is valid.


    Check that the returned nonce is equal to the nonce in the Authorization Request. 
  2. Log in to comment