-
assigned issue to
Basic - 3.3.4.2 nonce verification not specified
Issue #81
resolved
Step 1 does not specify what constitutes a valid nonce (a previously issued but not previously used value).
Comments (3)
-
-
Change
If the authentication request contained a nonce, check that the returned nonce is valid.
To
Check that the returned nonce is equal to the nonce in the Authorization Request.
-
- changed status to resolved
fixes
#81 - Log in to comment