Skip to content

Commit

Permalink
Remove note on IdP to validate nonce (w3c-fedid#582)
Browse files Browse the repository at this point in the history
  • Loading branch information
Kai Lehmann committed May 15, 2024
1 parent 82db3af commit 5ed1cf3
Showing 1 changed file with 0 additions and 2 deletions.
2 changes: 0 additions & 2 deletions spec/index.bs
Original file line number Diff line number Diff line change
Expand Up @@ -2045,8 +2045,6 @@ the <a http-header>Origin</a> header value is represented by the
[=IDP=]-specific, the [=user agent=] cannot perform this check.
</div>

Note: An [=IDP=] should validate the nonce, if present, to prevent CSRF-style attacks.

The response body must be a JSON object that can be [=converted to an IDL value|converted=] to an {{IdentityProviderToken}} without an exception.

Every {{IdentityProviderToken}} is expected to have members with the following semantics:
Expand Down

0 comments on commit 5ed1cf3

Please sign in to comment.