Use nonce in Authentication Code Flow (#184)
parent
89e3678bdf
commit
4e7f4eb85e
@ -186,9 +186,11 @@ sub issuerForUnAuthUser {
|
|||||||
acr => $id_token_acr, # Authentication Context Class Reference
|
acr => $id_token_acr, # Authentication Context Class Reference
|
||||||
azp => $client_id, # Authorized party
|
azp => $client_id, # Authorized party
|
||||||
# TODO amr
|
# TODO amr
|
||||||
# TODO nonce
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
my $nonce = $codeSession->data->{nonce};
|
||||||
|
$id_token_payload_hash->{nonce} = $nonce if defined $nonce;
|
||||||
|
|
||||||
# Create ID Token
|
# Create ID Token
|
||||||
my $id_token = $self->createIDToken( $id_token_payload_hash, $rp );
|
my $id_token = $self->createIDToken( $id_token_payload_hash, $rp );
|
||||||
|
|
||||||
@ -467,6 +469,7 @@ sub issuerForAuthUser {
|
|||||||
scope => $oidc_request->{'scope'},
|
scope => $oidc_request->{'scope'},
|
||||||
user_session_id => $session_id,
|
user_session_id => $session_id,
|
||||||
_utime => time,
|
_utime => time,
|
||||||
|
nonce => $oidc_request->{'nonce'},
|
||||||
}
|
}
|
||||||
);
|
);
|
||||||
|
|
||||||
|
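Review bot: The nonce is copied verbatim from the authorization request into the code session (`nonce => $oidc_request->{'nonce'}` in issuerForAuthUser) and from there into the ID Token, and neither hunk shows a check on its length or type. Because the client chooses this value, it would be worth bounding it before it is stored, unless the request parser already does so outside the lines shown. In issuerForUnAuthUser the guard `if defined $nonce` also accepts an empty string, so an empty nonce parameter would produce a token with an empty claim; `$id_token_payload_hash->{nonce} = $nonce if defined $nonce and length $nonce;` avoids that. A short comment such as `# Echo the request nonce so the RP can bind the ID Token to its own session (replay mitigation)` would document the lines that replace the removed TODO. Both function bodies continue outside the hunks.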