Using nonce and POST in Authorization Code Flow fails to set nonce in Id Token #768

Open
@dgersh


In `/oauth2-server-php/src/OAuth2/OpenID/Controller/AuthorizeController.php`, in the `validateAuthorizeRequest` function, is the call to
`$nonce = $request->query('nonce');`

If you are using POST to send your request to the OP, then the function will fail to grab the nonce for use in the Id Token. Needs to be changed to:
`$nonce = $request->request('nonce');`
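
An added example, not part of the issue or the project's code: OpenID Connect Core requires the authorization endpoint to accept both GET and POST, so this sketch reads `nonce` from either the query string or the form body and shows that a lookup tied to one source misses the other. `StubRequest` and `authorizeParam` are hypothetical names; the stub only mimics the `query()`/`request()` accessors quoted above, and rejecting conflicting values is an assumption of this example.

```php
<?php
// Hypothetical stand-in exposing only the two accessors used in the issue;
// it is not the library's request class.
final class StubRequest
{
    private array $query; // URL query-string parameters (GET)
    private array $body;  // form-encoded body parameters (POST)

    public function __construct(array $query = [], array $body = [])
    {
        $this->query = $query;
        $this->body  = $body;
    }

    public function query(string $name, $default = null)
    {
        return $this->query[$name] ?? $default;
    }

    public function request(string $name, $default = null)
    {
        return $this->body[$name] ?? $default;
    }
}

// Hypothetical helper: read an authorization parameter from whichever part of
// the request carries it. A request that supplies two different values for the
// same parameter is ambiguous and is rejected rather than silently resolved.
function authorizeParam(StubRequest $r, string $name): ?string
{
    $fromQuery = $r->query($name);
    $fromBody  = $r->request($name);
    if ($fromQuery !== null && $fromBody !== null && $fromQuery !== $fromBody) {
        throw new InvalidArgumentException("conflicting values for '$name'");
    }
    return $fromQuery ?? $fromBody;
}

// Constructed sample requests carrying the same nonce by GET and by POST.
$get  = new StubRequest(['nonce' => 'example-nonce-123'], []);
$post = new StubRequest([], ['nonce' => 'example-nonce-123']);

var_dump($post->query('nonce'));           // query-only lookup on a POST request
var_dump($get->request('nonce'));          // body-only lookup on a GET request
var_dump(authorizeParam($get, 'nonce'));   // method-agnostic lookup, GET
var_dump(authorizeParam($post, 'nonce'));  // method-agnostic lookup, POST
```

When the nonce is dropped at this step, the ID Token is issued without a `nonce` claim, and a client that validates the claim against the value it sent will reject the token.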
