nonce as RECOMMENDED parameter

Comments (2)

1. 

   Jörg Connotte reporter

   according to the group nonce is OPTIONAL for the OpenID Connect code flow as it will bring no additional security there. It is however MANDATORY for the implicit and hybrid flow. There seems to be no reason to update it to RECOMMENDED for the code flow.

   • 2015-09-23T15:55:53+00:00
2. 

   Jörg Connotte reporter

   • changed status to wontfix

   Any Recommentation for nonce should take place in the OpenID Connect specification.

   • 2017-06-13T09:17:57+00:00
3. Log in to comment