OpenId Connect and proper usage of nonce
I understand that a nonce is used to prevent replay attacks. I have been going through documentations, specs, posts and blog posts and I am a little confused.
Consider the following attack scenario.
Mary wants to login to https://photos.c… Continue reading OpenId Connect and proper usage of nonce