Open tomkuipers opened 5 years ago
According to the OpenID Connect specification 'nonce' is required in the authentication request for the Implicit Flow: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest. It is however missing in the Implicit Flow auth request. In the Authorization Code Flow 'nonce' is optional: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest
According to the OpenID Connect specification 'nonce' is required in the authentication request for the Implicit Flow: https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest. It is however missing in the Implicit Flow auth request. In the Authorization Code Flow 'nonce' is optional: https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest