This post describes the purpose of the nonce parameter in OpenID Connect.
In short, the nonce parameter protects against a Replay Attack, a category of network attack in which an attacker detects a data transmission and fraudulently has it delayed or repeated.
I will try to explain the nonce parameter as clearly as I can.
When not using the nonce parameter
First, I'll introduce the characters in this post.
A-san accesses SNS1 via a Web Browser.
SNS1 redirects A-san to the SNS2 Authorization Endpoint.
SNS2 shows A-san the Login Page. A-san logs in to SNS2.
SNS2 redirects A-san to the pre-configured Callback URL with the Authorization Code as a query parameter.
SNS1 exchanges the Authorization Code for an ID Token by requesting the Token Endpoint.
SNS2 issues the ID Token to SNS1, while the attacker intercepts the traffic between SNS1 and SNS2 and obtains the ID Token.
The attacker sends the previously obtained ID Token to SNS1. SNS1 receives the ID Token, verifies it and finds it valid. SNS1 has no way to know that the ID Token was sent by the attacker, because iss, sub and all other claims are correct.
When using the nonce parameter
I'll show you how the nonce parameter prevents an attacker from carrying out a Replay Attack.
A-san accesses SNS1 via a Web Browser.
SNS1 redirects A-san to the SNS2 Authorization Endpoint. At the same time, SNS1 generates a nonce, an arbitrary number that can be used just once, stores it in A-san's session and redirects A-san to the Authorization Endpoint whose URL query parameters include the nonce value.
SNS2 shows A-san the Login Page. A-san logs in to SNS2.
SNS2 redirects A-san to the pre-configured Callback URL with the Authorization Code as a query parameter.
SNS1 exchanges the Authorization Code for an ID Token by requesting the Token Endpoint.
SNS2 issues the ID Token to SNS1. The ID Token includes a nonce claim whose value is the one generated when SNS1 redirected A-san to the Authorization Endpoint. SNS1 accepts the ID Token only when the nonce value carried in the ID Token's nonce claim matches the value stored in A-san's session. Meanwhile, the attacker intercepts the traffic between SNS1 and SNS2 and obtains the ID Token.
SNS1 removes the nonce value from A-san's session after validating the ID Token.
The attacker sends the previously obtained ID Token to SNS1. SNS1 compares the nonce value in the ID Token with the one in A-san's session. The two values do not match, so SNS1 rejects the ID Token sent by the attacker. In this way, the nonce parameter prevents an attacker from carrying out a Replay Attack.
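As an added example that is not from the original post, here is a minimal relying-party (SNS1) implementation in Python of the nonce lifecycle described above: generate and store the nonce in the session before the redirect, require the ID Token's nonce claim to match the session, consume the session value once a token is checked, and therefore reject a replayed token. The endpoint, client id and claim payloads are constructed for the illustration, and the ID Token payload is assumed to have already passed signature verification.

```python
import hmac
import secrets
from urllib.parse import urlencode

# Constructed endpoint for the illustration; SNS2 stands in for a real OP.
AUTHORIZATION_ENDPOINT = "https://sns2.example/authorize"


class RelyingParty:
    """SNS1's side of the flow: issue a nonce, then check it exactly once."""

    def __init__(self, client_id, redirect_uri, issuer):
        self.client_id = client_id        # audience expected in the ID Token
        self.redirect_uri = redirect_uri  # pre-configured Callback URL
        self.issuer = issuer              # SNS2's issuer identifier

    def start_login(self, session):
        # Generate an unguessable single-use value, remember it in A-san's
        # session, and carry it to the Authorization Endpoint as `nonce`.
        nonce = secrets.token_urlsafe(32)
        session["oidc_nonce"] = nonce
        params = {
            "response_type": "code",
            "scope": "openid",
            "client_id": self.client_id,
            "redirect_uri": self.redirect_uri,
            "nonce": nonce,
        }
        return f"{AUTHORIZATION_ENDPOINT}?{urlencode(params)}"

    def accept_id_token(self, session, claims):
        """Return True only if the ID Token belongs to this session's login.

        `claims` is the ID Token payload, assumed already signature-verified.
        The session nonce is consumed on every attempt, so a second
        presentation of the same token (a replay) has nothing to match.
        """
        expected = session.pop("oidc_nonce", None)
        presented = claims.get("nonce")
        if expected is None or not isinstance(presented, str):
            return False
        if claims.get("iss") != self.issuer or claims.get("aud") != self.client_id:
            return False
        # Constant-time comparison on bytes so a non-ASCII claim cannot raise.
        return hmac.compare_digest(expected.encode(), presented.encode())
```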