make nonce optional

2025-08-20 01:17:37 +02:00 · 2025-08-20 01:17:37 +02:00 · d82e17422c
commit d82e17422c
parent 6e1ee839ba
4 changed files with 9 additions and 5 deletions
--- a/database/migrations/structure/20250820_0113_oauth_nonce_null.sql
+++ b/database/migrations/structure/20250820_0113_oauth_nonce_null.sql
@ -0,0 +1,2 @@
+ALTER TABLE `oauth_sessions`
+MODIFY `nonce` varchar(255) CHARACTER SET ascii COLLATE ascii_bin DEFAULT NULL;
--- a/src/Controller/OAuthController.php
+++ b/src/Controller/OAuthController.php
@ -109,8 +109,10 @@ class OAuthController
            'nbf' => $session->getCreatedDate()->getTimestamp(),
            'exp' => $token->getExpiresDate()->getTimestamp(),
            'aud' => $session->getClientId(),
-            'nonce' => $session->getNonce()
        ];
+        if ($session->getNonce() !== null) {
+            $commonPayload['none'] = $session->getNonce();
+        }
        $idTokenPayload = array_merge($commonPayload, $this->getUserInfoInternal(
            $this->userRepository->getById($session->getUserId()),
            $session->getScopeArray())
--- a/src/Controller/OAuthSessionController.php
+++ b/src/Controller/OAuthSessionController.php
@ -29,7 +29,7 @@ class OAuthSessionController implements IAuthenticationRequired
        $clientId = \Container::$request->query('client_id');
        $scope = \Container::$request->query('scope') ? \Container::$request->query('scope'): '';
        $state = \Container::$request->query('state');
-        $nonce = \Container::$request->query('nonce') ? \Container::$request->query('nonce'): '';
+        $nonce = \Container::$request->query('nonce') ? \Container::$request->query('nonce'): null;
        $codeChallenge = \Container::$request->query('code_challenge') ?: null;
        $codeChallengeMethod = \Container::$request->query('code_challenge_method') ?: null;

--- a/src/PersistentData/Model/OAuthSession.php
+++ b/src/PersistentData/Model/OAuthSession.php
@ -19,7 +19,7 @@ class OAuthSession extends Model

    private array $scope = [];

-    private string $nonce = '';
+    private ?string $nonce = '';

    private ?string $codeChallenge = null;

@ -52,7 +52,7 @@ class OAuthSession extends Model
        $this->setScopeArray(explode(' ', $scope));
    }

-    public function setNonce(string $nonce): void
+    public function setNonce(?string $nonce): void
    {
        $this->nonce = $nonce;
    }
@ -125,7 +125,7 @@ class OAuthSession extends Model
        return $this->scope;
    }

-    public function getNonce(): string
+    public function getNonce(): ?string
    {
        return $this->nonce;
    }