CIBA: client_notification_token's length and usable characters
Issue #104
resolved
Regarding client_notification_token, it would be nice to mention its (minimum/maximum) length and usable characters (printable ASCII only or any characters).
A relevant discussion about nonce in the OpenID certification test suite is here:
Comments (6)
- changed component to CIBA
- changed milestone to CIBA Implementer's Draft
- assigned issue to
- assigned issue to
- General agreement on the 8/23 call for client_notification_token was:
  - Add minimum entropy requirement/recommendation
  - same allowable characters as access tokens (from https://tools.ietf.org/html/rfc6750#section-2.1)
  - Define a maximum length (but long enough to allow for a reasonable sized JWT to be used as the client_notification_token)
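An added example, not part of the issue thread or the CIBA specification: one way a client could mint a client_notification_token and a server could vet one against the three points agreed above. MAX_LENGTH and MIN_ENTROPY_BITS are assumed placeholder values (the thread gives no numbers), and the function names are hypothetical.

```python
import math
import re
import secrets

# RFC 6750 section 2.1 b64token:
#   1*( ALPHA / DIGIT / "-" / "." / "_" / "~" / "+" / "/" ) *"="
B64TOKEN = re.compile(r"[A-Za-z0-9\-._~+/]+=*")
ALPHABET_SIZE = 68  # 62 alphanumerics + 6 symbols; "=" is padding only

# Assumed placeholders: the thread agrees limits are needed, not their values.
MAX_LENGTH = 1024        # roomy enough for a reasonably sized JWT
MIN_ENTROPY_BITS = 128


def new_notification_token(entropy_bits=MIN_ENTROPY_BITS):
    """Client side: CSPRNG bytes as unpadded base64url, a subset of b64token."""
    if entropy_bits < MIN_ENTROPY_BITS:
        raise ValueError("below the assumed entropy floor")
    return secrets.token_urlsafe(math.ceil(entropy_bits / 8))


def check_notification_token(token):
    """Server side: return a list of problems; an empty list means acceptable."""
    if not isinstance(token, str) or not token:
        return ["missing or not a string"]
    problems = []
    if len(token) > MAX_LENGTH:
        problems.append("longer than MAX_LENGTH")
    if not B64TOKEN.fullmatch(token):
        problems.append("characters outside RFC 6750 b64token")
    # A receiver cannot measure entropy. It can only reject tokens too short
    # to carry the minimum even if every character were chosen uniformly.
    capacity_bits = len(token.rstrip("=")) * math.log2(ALPHABET_SIZE)
    if capacity_bits < MIN_ENTROPY_BITS:
        problems.append("too short to carry MIN_ENTROPY_BITS")
    return problems


if __name__ == "__main__":
    # Constructed samples: a fresh token, a JWT-shaped string, and bad input.
    jwt_shaped = "eyJhbGciOiJub25lIn0.eyJzdWIiOiJjb25zdHJ1Y3RlZCJ9.c2lnbmF0dXJl"
    for sample in (new_notification_token(), jwt_shaped, "abc def", "short"):
        print(repr(sample), "->", check_notification_token(sample) or "ok")
```

The length check on the server side is only an upper bound on entropy: a long token built from predictable data passes it, so the entropy requirement remains the client's responsibility.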
- pull request #31 has proposed changes to address this
- changed status to resolved
@authlete-taka what values would you suggest for min / max?