Hi,
It seems that if a client sends the optional `nonce` parameter as part
of the authentication request, the server should return it as `nonce`
claim part of the ID Token:
The value is passed through unmodified from the Authentication
Request to the ID Token. If present in the ID Token, Clients MUST
verify that the nonce Claim Value is equal to the value of the nonce
parameter sent in the Authentication Request. If present in the
Authentication Request, Authorization Servers MUST include a nonce
Claim in the ID Token with the Claim Value being the nonce value sent
in the Authentication Request. Authorization Servers SHOULD perform
no other processing on nonce values used. The nonce value is a case
sensitive string.
http://openid.net/specs/openid-connect-core-1_0.html#IDToken
As of Keycloak 1.2.0.Beta1 if a client sends a `nonce`, the ID Token
doesn't include the `nonce` claim.
Should I log this as a defect? Or is something already solved in 1.2.0RC1?
Thanks,
--
Iván
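
The client-side nonce check described in the quoted spec text, as an added example that is not part of the original message and is not Keycloak code. The helper names, the issuer URL and the sample tokens are constructed for illustration, and the payload is decoded without signature verification, which a real client must perform separately.

```python
import base64
import hmac
import json


def b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url JWT segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def id_token_claims(id_token: str) -> dict:
    """Return the payload claims of a compact JWS without verifying the signature.
    Signature, iss, aud and exp validation must be done separately."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("ID Token is not a three-part compact JWS")
    return json.loads(b64url_decode(parts[1]))


def check_nonce(id_token: str, sent_nonce):
    """Apply the nonce rules quoted above. Returns (ok, reason)."""
    claim = id_token_claims(id_token).get("nonce")
    if sent_nonce is None:
        # No nonce was sent, so a nonce claim in the token has nothing to match.
        return (claim is None, "no nonce sent" if claim is None else "unexpected nonce claim")
    if claim is None:
        return (False, "nonce sent but ID Token has no nonce claim")
    if not isinstance(claim, str):
        return (False, "nonce claim is not a string")
    # Case-sensitive, exact comparison; no normalisation of either value.
    if hmac.compare_digest(claim.encode(), sent_nonce.encode()):
        return (True, "nonce matches")
    return (False, "nonce mismatch")


def make_unsigned_token(claims: dict) -> str:
    """Build a constructed sample token (placeholder signature) for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.c2ln"


if __name__ == "__main__":
    sent = "n-0S6_WzA2Mj"  # constructed nonce value
    base = {"iss": "https://idp.example/realms/demo", "sub": "u1", "aud": "app"}
    for label, claims in [("missing", base), ("echoed", {**base, "nonce": sent}),
                          ("case-changed", {**base, "nonce": sent.lower()})]:
        print(label, check_nonce(make_unsigned_token(claims), sent))
```

A client that enforces this check rejects the token in the situation reported above, where a `nonce` was sent but the ID Token carries no `nonce` claim.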