Skip to content

nonce required for oidc implicit flow

According to the spec for OIDC implicit flow - https://openid.net/specs/openid-connect-core-1_0.html#ImplicitAuthRequest - 'nonce' is required. Authengine now enforces this, and oauth-play has to be updated.

We now get

{
    "error": "invalid_request",
    "error_description": "Nonce is required when requesting id_token from authorization endpoint",
    "error_uri": "https://docs.dataporten.no"
}
Edited by Jon Kåre Hellan