The library is not fully compliant with the OpenID Connect standard.
The following aspects differ from the standard:
The ID Token must contain the two timestamps iat and exp (see here). The library does not strictly enforce the presence of the exp claim and does not consider the iat at all. Instead the nbf claim is used (L932 + L933). This claim is described in the JWT standard (RFC 7519) but is not explicitly part of an ID Token according to the OpenID Connect standard.
The library does not take into account that the Authorization Code Flow and Implicit Flow require different parameters to be present. When using the Implicit Flow both nonce and at_hash are mandatory claims (see here), while they are optional when the Authorization Code Flow is used (see here and here).
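As an added illustration of the claim-level checks the issue is asking for (this is example code written for this page, not the library's own implementation), the following Relying Party validator enforces exp and iat on every ID Token, honours nbf only as the optional JWT claim it is, and makes nonce and at_hash mandatory for the Implicit Flow while still verifying them when present in the Authorization Code Flow. The at_hash computation follows OpenID Connect Core (left-most half of the alg's hash over the ASCII access token, base64url without padding). Signature verification is assumed to have been done beforehand; the function and parameter names, the `flow` argument and the constructed claim values are this example's own.

```python
import base64
import hashlib
import time

# Added example: claim checks a Relying Party applies to an already
# signature-verified ID Token. Names below are this example's own, not the
# library's API.

# Hash function that goes with each ID Token signing alg (OIDC Core 3.1.3.6).
HASH_FOR_ALG = {"RS256": "sha256", "ES256": "sha256", "HS256": "sha256",
                "RS384": "sha384", "ES384": "sha384", "HS384": "sha384",
                "RS512": "sha512", "ES512": "sha512", "HS512": "sha512"}


def compute_at_hash(access_token: str, alg: str = "RS256") -> str:
    """at_hash: hash the ASCII access token with the alg's hash function,
    keep the left-most half of the digest, base64url-encode without padding."""
    digest = hashlib.new(HASH_FOR_ALG[alg], access_token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")


def validate_id_token_claims(claims, flow, *, now=None, expected_nonce=None,
                             access_token=None, alg="RS256", leeway=60):
    """Return a list of problems found; an empty list means the claims pass.

    flow is "code" (Authorization Code Flow) or "implicit" (Implicit Flow).
    leeway (seconds) absorbs clock skew between RP and OP.
    """
    now = int(time.time()) if now is None else now
    problems = []

    # exp and iat are REQUIRED in every ID Token; nbf is not a substitute.
    for required in ("iss", "sub", "aud", "exp", "iat"):
        if required not in claims:
            problems.append(f"missing required claim: {required}")
    if "exp" in claims and now >= claims["exp"] + leeway:
        problems.append("token expired (exp)")
    if "iat" in claims and claims["iat"] > now + leeway:
        problems.append("token issued in the future (iat)")
    # nbf is an RFC 7519 claim, optional in an ID Token: honour it if present.
    if "nbf" in claims and now + leeway < claims["nbf"]:
        problems.append("token not yet valid (nbf)")

    # Implicit Flow: nonce and at_hash are REQUIRED.
    # Code Flow: optional, but any value that is present must still verify.
    implicit = flow == "implicit"
    if implicit or expected_nonce is not None:
        if "nonce" not in claims:
            problems.append("nonce claim required")
        elif expected_nonce is not None and claims["nonce"] != expected_nonce:
            problems.append("nonce mismatch")
    if implicit and "at_hash" not in claims:
        problems.append("at_hash required for Implicit Flow")
    if "at_hash" in claims:
        if access_token is None:
            problems.append("at_hash present but no access token to check it against")
        elif claims["at_hash"] != compute_at_hash(access_token, alg):
            problems.append("at_hash does not match access token")
    return problems


if __name__ == "__main__":
    # Constructed sample: an Implicit Flow token whose at_hash matches.
    token = "constructed-access-token"
    sample = {"iss": "https://op.example", "sub": "user-1", "aud": "rp-client",
              "iat": 1000, "exp": 1600, "nonce": "n1",
              "at_hash": compute_at_hash(token)}
    print(validate_id_token_claims(sample, "implicit", now=1200,
                                   expected_nonce="n1", access_token=token))
```

The validator returns every problem it finds rather than stopping at the first one, which makes it easy to see in a test or a log which of the standard's requirements a given token fails; a token that carries only nbf, as the issue describes, is rejected for the missing exp and iat regardless of the nbf value.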