nonce as RECOMMENDED parameter
Issue #26
wontfix
No description provided.
Comments (2)
-
reporter -
reporter - changed status to wontfix
Any Recommentation for nonce should take place in the OpenID Connect specification.
- Log in to comment
according to the group nonce is OPTIONAL for the OpenID Connect code flow as it will bring no additional security there. It is however MANDATORY for the implicit and hybrid flow. There seems to be no reason to update it to RECOMMENDED for the code flow.