Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: add requirement on Nonce payload to contain an actual random value #23

Merged
merged 2 commits into from
Apr 18, 2024
Merged

fix: add requirement on Nonce payload to contain an actual random value #23

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
8574f73
fix: add requirement on Nonce payload to contain an actual random value
millenc Apr 18, 2024
90a4693
Orie's rev
peppelinux Apr 18, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
11 changes: 7 additions & 4 deletions draft-demarco-oauth-nonce-endpoint.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,6 +32,7 @@ author:

normative:
RFC2119: RFC2119
RFC4086: RFC4086
RFC5246: RFC5246
RFC6749: RFC6749
RFC7159: RFC7159
Expand Down Expand Up @@ -187,12 +188,13 @@ In cases where, for some reasons, a correctly issued Nonce can no longer be cons

# Non-normative Examples of a Nonce Payload

The decrypted Nonce payload may use different formats and encodings, according to the different implemententative requirements, and contains any kind of implementation-specific claims, such as the issuance time, the time of expiration, the audiences and other where needed.
The decrypted Nonce payload MAY use different formats and encodings, according to the different implementation requirements and contain any kind of implementation-specific claims, such as the issuance time, the time of expiration, the audiences and others where needed.

Below are provided some non-normative examples, describing how a decrypted and JSON serialized Nonce payload may appear:
Below are provided some non-normative examples, describing how a decrypted and JSON serialized Nonce payload MAY appear:

~~~~
{
"jti": "0452767d-549d-4765-bd43-a0bcc2a6659a",
"iss": "https://server.example.org",
"iat": 1615908701,
"exp": 1615995101,
Expand All @@ -204,7 +206,9 @@ Below are provided some non-normative examples, describing how a decrypted and J
}
~~~~

Please note that the values represented in the previous examples may depend on domain specific requirements and MUST NOT be intended as normative.
Please note that the values represented in the previous examples are informative.

In any case, the payload MUST include some unique value (`"jti"` on the example above), typically generated using a pseudo-random number generator with sufficient entropy [RFC4086], to ensure that the encrypted digest (the actual Nonce) is also unique.

# Security Considerations

Expand Down Expand Up @@ -252,4 +256,3 @@ This document has no IANA actions.
{:numbered="false"}

TODO acknowledge.

Loading