Chained nonce
stokito opened this issue
Sergey Ponomarev commented
The nonce is used by the server side to ensure that the submitted id_token wasn't used before.
But in fact we may have multiple parties who also want to check the id_token. It may be multiple microservices on the backend or simply a reverse proxy that can also be interested in authorization.
E.g. the jkl.mn proxy that forwards traffic to yurt may also log in a user for SSO between other yurts.
Each party may append its own part into nonce and then check it in the received id_token.
- Yurt: nonce: 1234
- Proxy: adds 5678 and the nonce becomes 12345678. It must store the position of the added nonce part.
- The IdP signs an id_token and verification begins
- Proxy extracts its part back and checks that it's equal to the stored one. If successful, it forwards to yurt
- Yurt does the same with the beginning part.
To correlate requests, a state may be used. Or use length prefixes. But that makes the flow much more difficult to implement. So for now let's assume only two nonces of a fixed size.