From 4e7f4eb85e5c7680d51e1d3a9797fb296c6b6863 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Cl=C3=A9ment=20Oudot?= <clement@oodo.net>
Date: Tue, 17 Mar 2015 12:56:11 +0000
Subject: [PATCH] Use nonce in Authentication Code Flow (#184)

---
 .../lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm         | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
index ad714ccbd..7bbfacf87 100644
--- a/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
+++ b/lemonldap-ng-portal/lib/Lemonldap/NG/Portal/IssuerDBOpenIDConnect.pm
@@ -186,9 +186,11 @@ sub issuerForUnAuthUser {
             acr => $id_token_acr,    # Authentication Context Class Reference
             azp => $client_id,       # Authorized party
                                      # TODO amr
-                                     # TODO nonce
         };
 
+        my $nonce = $codeSession->data->{nonce};
+        $id_token_payload_hash->{nonce} = $nonce if defined $nonce;
+
         # Create ID Token
         my $id_token = $self->createIDToken( $id_token_payload_hash, $rp );
 
@@ -467,6 +469,7 @@ sub issuerForAuthUser {
                     scope           => $oidc_request->{'scope'},
                     user_session_id => $session_id,
                     _utime          => time,
+                    nonce           => $oidc_request->{'nonce'},
                 }
             );