Oracle Access Manager (OAM) OpenId Connect (OIDC) Authorization Code Grant Flow Generates Id Token Without Nonce Claim Received
(Doc ID 2720408.1)
Last updated on SEPTEMBER 11, 2023
Applies to:
Oracle Access Manager - Version 12.2.1.3.190609 and later
Information in this document applies to any platform.
Symptoms
Authorization code grant flow generates Id token without "Nonce" claim received
- Oracle Access Manager (OAM)
- OpenId Connect (OIDC)
Scenario
An implementation of the OIDC Authorization Code Grant Flow sends an Authorization request with the "nonce" attribute, but the generated Id token does not contain the "nonce" claim.
According to the documentation (Chapter 36.1.1 OpenIDConnect ID Token, Table 36-1 Claims within the ID Token used by OpenIDConnect), the nonce parameter is one of the Request parameters. The OIDC standard (https://openid.net/specs/openid-connect-core-1_0.html#IDToken) states for the "nonce" Claim: (...) Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string. (...)
Why is the "nonce" claim not returned in the Id Token?
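Added example (not from Oracle's document or product code): a relying-party check that detects this symptom by comparing the "nonce" claim of a received Id token with the value sent in the Authorization request. The function names, the sample issuer and the sample nonce are constructed for illustration, and signature, iss, aud and exp validation are assumed to be done in a separate step.

```python
import base64
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def check_nonce(id_token: str, expected_nonce: str) -> str:
    """Return 'ok', 'missing' or 'mismatch' for the nonce claim of an Id token.

    Only the nonce is examined; signature and other claim checks are assumed
    to be performed elsewhere by the relying party.
    """
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three dot-separated segments")
    claims = json.loads(b64url_decode(parts[1]))
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or nonce == "":
        return "missing"  # the symptom described in this note
    # Exact, case-sensitive comparison, done in constant time.
    if hmac.compare_digest(nonce.encode(), expected_nonce.encode()):
        return "ok"
    return "mismatch"


def make_sample_token(claims: dict) -> str:
    # Constructed sample token with a placeholder signature, for the demo only.
    header = b64url_encode(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.{b64url_encode(b'placeholder-signature')}"


if __name__ == "__main__":
    sent = "n-0S6_WzA2Mj"  # constructed sample nonce sent in the Authorization request
    base = {"iss": "https://idp.example.com", "sub": "user1", "aud": "client1"}
    print(check_nonce(make_sample_token({**base, "nonce": sent}), sent))          # ok
    print(check_nonce(make_sample_token(base), sent))                             # missing
    print(check_nonce(make_sample_token({**base, "nonce": sent.lower()}), sent))  # mismatch
```

A relying party that sent a nonce should treat both "missing" and "mismatch" as a failed authentication response rather than accepting the token.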
Changes
Cause