cnonce
Registry Context
`cnonce` is a "client-nonce". A nonce previously provided to the AS by the RS via the client. Used to verify token freshness when the RS cannot synchronize its clock with the AS. claim.
Technical Summary
Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10 defines `cnonce` for JWT claim sets with the registry description: "client-nonce". A nonce previously provided to the AS by the RS via the client. Used to verify token freshness when the RS cannot synchronize its clock with the AS..
When Used
Used in JWTs that follow Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.
Normative Requirements
Authorization servers
9200 - Section 5.10
include the submitted `cnonce` parameter value in the `cnonce` claim..
Condition: When the client submitted a cnonce parameter in the access token request.
the AS MUST include the value of this parameter in the cnonce claim specified here
Validation Guidance
When processing `cnonce`, apply the syntax and semantics from Authentication and Authorization for Constrained Environments Using the OAuth 2.0 Framework (ACE-OAuth) Section 5.10.
Treat `cnonce` as profile-specific unless the JWT explicitly follows the referenced specification.
Reference
Details
- Entry Id
cnonce- Claim Name
cnonce- Claim Description
"client-nonce". A nonce previously provided to the AS by the RS via the client. Used to verify token freshness when the RS cannot synchronize its clock with the AS.- Change Controller
IETF- Reference
RFC9200 - Section 5.10