My Oracle Support Banner

Oracle Access Manager (OAM) OpenId Connect (OIDC) Authorization Code Grant Flow Generates Id Token Without Nonce Claim Received (Doc ID 2720408.1)

Last updated on FEBRUARY 10, 2022

Applies to:

Oracle Access Manager - Version 12.2.1.3.190609 and later
Information in this document applies to any platform.

Symptoms

Authorization code grant flow generates Id token without "Nonce" claim received

Scenario

Implementing the OIDC Authorization Code Grant Flow sends an Authorization request with the "nonce" attribute but the generated Id token does not contains the "nonce" claim.

Documentation - Chapter 36.1.1 OpenIDConnect ID Token at Table 36-1 Claims within the ID Token used by OpenIDConnect, the nonce parameter is one of the Request parameters, and as per the OIDC standard (https://openid.net/specs/openid-connect-core-1_0.html#IDToken), for the "nonce" Claim, (...)Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request. Authorization Servers SHOULD perform no other processing on nonce values used. The nonce value is a case sensitive string.(...)

Why the "nonce" claim in not returned in the Id Token?

Changes

 

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!


In this Document
Symptoms
Changes
Cause
Solution
References


My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.