Basic - 3.3.4.2 nonce verification not specified

Issue #81 resolved
jbufu
created an issue

Step 1 does not specify what constitutes a valid nonce (a previously issued but not previously used value).

Comments (3)

  1. Nat Sakimura

    Change

    If the authentication request contained a nonce, check that the returned nonce is valid.
    

    To

    Check that the returned nonce is equal to the nonce in the Authorization Request. 
    
  2. Log in to comment