[Feature] Use the `nonce` parameter in OIDC authorization request to mitigate replay attacks #2276
Use case
The `nonce` parameter is used to mitigate replay attacks. It’s not required by the OpenID Connect Core specification, but it’s required by some OIDC/OAuth profiles, e.g. Financial-grade API Security Profile 1.0 and FAPI 2.0 Security Profile.
Description
OpenID Connect Core 1.0 – 3.1.2.1 Authentication Request:
Contribution
How can it be implemented?
No response
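
One way a relying party can use the nonce requested in this issue, shown as an added example that is not part of the original issue or the project's code: a fresh value is bound to the user's session, sent in the authorization request, and later compared once against the `nonce` claim of the ID token. The endpoint URL, the function names and the `oidc_nonce` session key are hypothetical, and the ID token's signature, `iss`, `aud` and `exp` are assumed to have been validated before `check_nonce` is called.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Hypothetical authorization endpoint, used for illustration only.
AUTHZ_ENDPOINT = "https://idp.example/authorize"
SESSION_KEY = "oidc_nonce"  # hypothetical session key name


def begin_login(session: dict, client_id: str, redirect_uri: str) -> str:
    """Create a fresh nonce, bind it to this session, and build the request URL."""
    nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    session[SESSION_KEY] = nonce
    params = {
        "response_type": "code",
        "scope": "openid",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "nonce": nonce,
    }
    return f"{AUTHZ_ENDPOINT}?{urlencode(params)}"


def check_nonce(session: dict, id_token_claims: dict) -> bool:
    """Return True only if the ID token carries the nonce issued for this session.

    The stored nonce is removed on every call, so a token that is presented
    a second time (a replay) finds nothing to match and is rejected.
    """
    expected = session.pop(SESSION_KEY, None)
    received = id_token_claims.get("nonce")
    if not isinstance(expected, str) or not isinstance(received, str):
        return False
    # Constant-time comparison avoids leaking how many characters matched.
    return hmac.compare_digest(expected.encode(), received.encode())


if __name__ == "__main__":
    sess = {}
    print(begin_login(sess, "client-1", "https://rp.example/cb"))
    claims = {"sub": "alice", "nonce": sess[SESSION_KEY]}  # constructed claims
    print("first use:", check_nonce(sess, claims))
    print("replayed:", check_nonce(sess, claims))
```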