Hi all, I have created a program for OIDC Authorization Code Flow (ID Tokens and User Access Tokens).
When receiving my JWT, it validates correctly against the JWK, but the payload does not have a nonce value. The value is just missing, not empty or incorrect, missing. The access_token is valid and has been used to test against the API.
So here is my URI for login:
https://api.twitch.tv/kraken/oauth2/authorize?client_id=<id>&redirect_uri=<redirect>&response_type=code&scope=openid%20user%3Aread%3Aemail%20user%3Aedit&nonce=e6cd94ca6fdf472dbfc0b3ed59a0dedc&state=e48a347cc26742948a048306e0e4a668
Here is the URI I post to for tokens:
https://api.twitch.tv/api/oauth2/token?client_id=<id>&client_secret=<secret>&code=<code>&grant_type=authorization_code&redirect_uri=http%3A%2F%2Flocalhost%3A8008%2Fsignin-twitch
Here is the response from posting to token:
{
  "id_token": "<id_token>",
  "refresh_token": "<refresh_token>",
  "access_token": "<access_token>",
  "scope": "openid user:edit user:read:email",
  "expires_in": 13172
}
Here is the id_token decoded:
{
  "sub": "<sub>",
  "iss": "https://api.twitch.tv/api",
  "aud": "<clientid>",
  "exp": 1506054707,
  "iat": 1506053807
}
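
Added example, not part of the original post: a client-side claim check that reports an absent nonce separately from a wrong one, run against a constructed token carrying the claims shown above. OpenID Connect Core requires the nonce claim to be present and matched whenever a nonce was sent in the authentication request, so a token like this one should be rejected. The function names are hypothetical, the token is unsigned sample data, and the JWT signature is assumed to have been verified against the JWK already.

```python
import base64
import hmac
import json
import time

ISSUER = "https://api.twitch.tv/api"                 # iss value shown in the post
SENT_NONCE = "e6cd94ca6fdf472dbfc0b3ed59a0dedc"      # nonce from the authorize URI
POSTED_CLAIMS = {"sub": "<sub>", "iss": ISSUER, "aud": "<clientid>",
                 "exp": 1506054707, "iat": 1506053807}

def make_unsigned_token(claims):
    """Build a constructed sample JWT; the signature segment is a dummy."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

def decode_payload(id_token):
    """Decode the payload segment only. Does NOT verify the signature."""
    seg = id_token.split(".")[1]
    seg += "=" * (-len(seg) % 4)                     # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_id_token_claims(claims, issuer, client_id, expected_nonce, now=None, leeway=60):
    """Return a list of problems; an empty list means the claims are acceptable."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("iss") != issuer:
        problems.append("iss mismatch")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        problems.append("aud mismatch")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        problems.append("expired or missing exp")
    if expected_nonce is not None:                   # a nonce was sent in the request
        nonce = claims.get("nonce")
        if nonce is None:
            problems.append("nonce missing")         # the case described in the post
        elif not isinstance(nonce, str) or not hmac.compare_digest(
                nonce.encode(), expected_nonce.encode()):
            problems.append("nonce mismatch")
    return problems

if __name__ == "__main__":
    claims = decode_payload(make_unsigned_token(POSTED_CLAIMS))
    print(check_id_token_claims(claims, ISSUER, "<clientid>", SENT_NONCE, now=1506053900))
```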