Closed by cpliakas 8 years ago
@pwolanin I agree with you that this would be a good idea, but it would be helpful to explicitly state why this is a good idea even if the backend doesn't track it. Any references to articles or best practices supporting this request would be great.
Marking as fixed; a nonce is enforced in the 2.0 spec.
From @pwolanin in #1:
Finally, there is no nonce value specified in the spec.
I would say every implementation must have a nonce even if the back-end doesn't currently track it.