nonce as RECOMMENDED parameter

Issue #26 wontfix
Jörg Connotte created an issue

No description provided.

Comments (2)

  1. Jörg Connotte reporter

    according to the group nonce is OPTIONAL for the OpenID Connect code flow as it will bring no additional security there. It is however MANDATORY for the implicit and hybrid flow. There seems to be no reason to update it to RECOMMENDED for the code flow.

  2. Log in to comment