Axel,I did not vote on this issue, but I am concerned by what appears to be the basis for your
position. Specifically, you say:
*Maybe there is some justification for nonce in jwt but if jwt is used with oauth2 then we already have state.*
JOSE's cope is not just oauth2, so it seems inappropriate to argue that a feature is not
needed based on just that app. Steve
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
