
Commit 026a1a2

Copilot and bgavrilMS authored
docs: clarify browser nonce behavior
Agent-Logs-Url: https://github.com/AzureAD/microsoft-authentication-library-for-python/sessions/d56329c6-d8ad-4440-8617-3df24459fed0
Co-authored-by: bgavrilMS <12273384+bgavrilMS@users.noreply.github.com>
1 parent 2f37cf8 commit 026a1a2

1 file changed

Lines changed: 3 additions & 0 deletions


msal/oauth2cli/oidc.py

@@ -221,6 +221,9 @@ def obtain_token_by_browser(
221221
**kwargs):
222222
"""A native app can use this method to obtain token via a local browser.
223223
224+
This flow still uses the nonce generated during flow initiation,
225+
but the SDK no longer validates that nonce against the ID token.
226+
224227
It implements PKCE to mitigate the auth code interception attack.
225228
226229
:param string display: Defined in
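
Review bot: The new docstring paragraph at lines 224-225 says the SDK "no longer validates that nonce against the ID token" but does not say who is expected to check it now, so a caller of `obtain_token_by_browser` cannot tell whether they must compare the ID token's nonce themselves or whether the check is considered unnecessary in this flow. Please state the current behaviour and the caller's responsibility explicitly, and give the reason the validation was dropped. "No longer" is also changelog wording that will go stale in a docstring; describe what the method does now and leave the history to the commit message or release notes. Because the next paragraph opens with "It implements PKCE to mitigate the auth code interception attack", it would help to make clear that PKCE addresses code interception and is not being offered as a substitute for the nonce check.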
