Closed brentschmaltz closed 9 years ago
The CacheNonces bool is also used in the constructor to request the cache from DI: https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenIdConnectAuthenticationMiddleware.cs#L132
This is different than the pattern for IDataFormatter. Could we have a default NonceCache that uses cookies, have users override as they do with the formatter.
IDataFormatter? Do you mean ISecureDataFormat?
Yes, ISecureDataFormat.
This is behaving as designed.
By default NonceCache is null. It seems reasonable to me if the user set it that should be an indication to use it.