Make the "nonce" auth request parameter optional in the hybrid "code token" flow

[This issue is imported from pivotal - Originaly created at Dec 7, 2020 by Bart Geesink](https://www.pivotaltracker.com/story/show/176032356)

Only when issuing an id_token, the nonce must be present. So in the hybrid flow "code token" nonce can be omitted.

Caused by the nimbus library: https://bitbucket.org/connect2id/oauth-2.0-sdk-with-openid-connect-extensions/src/7da4c0b7f9ad10ea08e4ed970d527f7ec37d67f0/src/main/java/com/nimbusds/openid/connect/sdk/AuthenticationRequest.java#lines-1680

Added question in the. code: https://github.com/OpenConext/OpenConext-oidcng/commit/1efc29f61ed9caf7ad85590f9f18b939c56b1b1b

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Make the "nonce" auth request parameter optional in the hybrid "code token" flow #205

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Make the "nonce" auth request parameter optional in the hybrid "code token" flow #205

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions