Merge branch 'master' into patch-1

author: Jonathan Huot <JonathanHuot@users.noreply.github.com> 2019-05-07 12:46:58 +0200
committer: GitHub <noreply@github.com> 2019-05-07 12:46:58 +0200
commit: d436c5aeb142f2d702c99d74d4218830ece6e3c4 (patch)
tree: fe21a30b224e858aa285a67f8243ba305275e591 /oauthlib/oauth2/rfc6749
parent: 056383bf96892b7428b5de17bb2011374fe1c7bf (diff)
parent: 754b003514eaac50ac30f207bac692c39c6a94c6 (diff)
download: oauthlib-d436c5aeb142f2d702c99d74d4218830ece6e3c4.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/oauthlib/oauth2/rfc6749/request_validator.py b/oauthlib/oauth2/rfc6749/request_validator.py
index d6ec2ab..86509b6 100644
--- a/oauthlib/oauth2/rfc6749/request_validator.py
+++ b/oauthlib/oauth2/rfc6749/request_validator.py
@@ -271,6 +271,9 @@ class RequestValidator(object):
             - Code Challenge (``request.code_challenge``) and
             - Code Challenge Method (``request.code_challenge_method``)
 
+        To support OIDC, you MUST associate the code with:
+            - nonce, if present (``code["nonce"]``)
+
         The ``code`` argument is actually a dictionary, containing at least a
         ``code`` key with the actual authorization code:
author	Jonathan Huot <JonathanHuot@users.noreply.github.com>	2019-05-07 12:46:58 +0200
committer	GitHub <noreply@github.com>	2019-05-07 12:46:58 +0200
commit	d436c5aeb142f2d702c99d74d4218830ece6e3c4 (patch)
tree	fe21a30b224e858aa285a67f8243ba305275e591 /oauthlib/oauth2/rfc6749
parent	056383bf96892b7428b5de17bb2011374fe1c7bf (diff)
parent	754b003514eaac50ac30f207bac692c39c6a94c6 (diff)
download	oauthlib-d436c5aeb142f2d702c99d74d4218830ece6e3c4.tar.gz