fix: do not require nonce parameter in OpenID (#1253)
* change require_nonce=False, checks for None

* check for None

* Deleted None for get nonce
kutovoys authored Sep 4, 2024
1 parent 5d77ff1 commit d0d4f41
Showing 2 changed files with 4 additions and 2 deletions.
2 changes: 1 addition & 1 deletion authn/models/openid.py
@@ -145,7 +145,7 @@ def get_scope(self):
return self.scope or ""

def get_nonce(self):
return self.nonce
return self.nonce if self.nonce else None

def get_auth_time(self):
return self.auth_time.timestamp()
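Review bot: The new return in `get_nonce` has no comment explaining why a falsy stored nonce is turned into `None`, and `return self.nonce or None` would say the same thing more directly. A one-line comment such as `# an empty or unset nonce means the client sent none` would record the intent; that reading is inferred from the commit title, so confirm it. The guard added to `exists_nonce` in `authn/providers/openid.py` tests only `nonce is None`, so if an empty string can reach it, `if not nonce:` would keep the two files consistent. The enclosing model class starts outside the hunk.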
4 changes: 3 additions & 1 deletion authn/providers/openid.py
@@ -64,6 +64,8 @@ def revoke_old_credential(self, credential):

class OpenIDCode(oidc_grants.OpenIDCode):
def exists_nonce(self, nonce, request):
if nonce is None:
return False
try:
OAuth2AuthorizationCode.objects.get(
client_id=request.client_id, nonce=nonce
@@ -95,6 +97,6 @@ class OpenIDImplicitGrant(OpenIDCode, oidc_grants.OpenIDImplicitGrant):
pass


server.register_grant(AuthorizationCodeGrant, [OpenIDCode(require_nonce=True)])
server.register_grant(AuthorizationCodeGrant, [OpenIDCode(require_nonce=False)])
server.register_grant(OpenIDImplicitGrant)
server.register_grant(RefreshTokenGrant)
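Review bot: The registration `OpenIDCode(require_nonce=False)` needs a comment recording that dropping server-side nonce enforcement is deliberate, because it applies to every client of the authorization code grant. OpenID Connect Core lists `nonce` as OPTIONAL for the code flow (section 3.1.2.1), so the relaxation is spec-conformant, but a client that omits it gets no nonce binding between its session and the ID token. I would put something like `# nonce is OPTIONAL in the code flow (OIDC Core 3.1.2.1); clients that omit it get no ID-token replay binding from this server` above the call. `OpenIDImplicitGrant` subclasses `OpenIDCode` and is registered without arguments, so a test that an implicit request without `nonce` is still rejected would be worthwhile, since that flow requires it (section 3.2.2.1). Whether that rejection still happens depends on library code not shown here.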
