openid.nonce added

Brad Fitzpatrick brad at
Sat May 21 00:07:21 PDT 2005

On Fri, 20 May 2005, Karl Koscher wrote:

> Brad Fitzpatrick wrote:
> >Nonce support has been added to the protocol.  Optional for consumers to
> >send.  Required for identity servers to echo back and sign.
> >
> >
> Erm, is this really necessary? Can't a consumer just include something
> like that in their return URL, that in turn is part of the message
> hashed by the identity server?

You're totally right.  Good catch.  Now removed from specs.

- Brad

More information about the yadis mailing list