microsoft-authentication-library-for-dotnet

Does MSAL.net handle nonce validation by default?

Open anhhnguyen206 opened this issue 5 months ago • 1 comments

Hi,

This is more like a question than an issue, but I didn't see a discussion place for generic questions, so I opened this. Feel free to close and redirect me to a better place to ask.

We're doing pentesting of our application. We noticed that in the token payload that we received as the AuthenticationResult, we have a nonce value which is a random string. I'm curious: is this generated by the library, and is it also validated by the library?

Thanks,

anhhnguyen206 Sep 19 '24 03:09