Open MarkLinovy opened 5 days ago
We are generating a cryptographically random nonce
final nonce = Nonce.generate(32, Random.secure());
but we are not hashing it.
Is there a reference in the spec to hashing the nonce?
There is a reference in the spec for JavaScript clients that mentions hashing the nonce. That makes it unguessable for a potential attacker: https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes
Also, other libs expect the rawNonce and compare the hashed version with the nonce in the ID token. See Firebase Auth, Apple Auth and Spring OAuth Default. If this lib doesn't support a hashed nonce, we can't use it with, e.g., Firebase identity federation.
Do you want me to create a pull request?
I see now, it would be great if you make a PR for this, yes please.
I created the PR. Unfortunately I see no way to test it without mocking everything. I've also removed the hashed nonce from the store. Do you have any remarks?
Description
I am not 100% sure if it's a bug or not. So please let me explain my understanding and correct me if I'm wrong:
For Code flow we send a nonce to verify that the ID token we've received actually belongs to the request we made. For this we usually generate a random string. Let's call it "rawNonce". Now before we send it to the Auth Server we hash it (sha256). This allows us to hash the raw nonce again before comparing it with the nonce included in the ID token.
As I could see in the source code you are not hashing the nonce. Can you extend the lib and include a rawNonce? I would happily create a PR if it makes sense to include.
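
The rawNonce flow discussed in this thread, as an added Dart example (not code from this library or from the PR). All function names are hypothetical, `package:crypto` is an assumed dependency, and hex encoding of the SHA-256 digest is an assumption; signature validation of the ID token is assumed to happen elsewhere.

```dart
import 'dart:convert';
import 'dart:math';

import 'package:crypto/crypto.dart'; // assumed dependency: pub.dev `crypto`

/// Returns a URL-safe random string built from [byteLength] CSPRNG bytes.
String generateRawNonce([int byteLength = 32]) {
  final rng = Random.secure();
  final bytes = List<int>.generate(byteLength, (_) => rng.nextInt(256));
  return base64Url.encode(bytes).replaceAll('=', '');
}

/// Value sent as the `nonce` request parameter: hex SHA-256 of the raw nonce.
/// Hex is an assumption; use the encoding the verifying side expects.
String hashNonce(String rawNonce) =>
    sha256.convert(utf8.encode(rawNonce)).toString();

/// Compares two strings without returning early on the first mismatch.
bool constantTimeEquals(String a, String b) {
  if (a.length != b.length) return false;
  var diff = 0;
  for (var i = 0; i < a.length; i++) {
    diff |= a.codeUnitAt(i) ^ b.codeUnitAt(i);
  }
  return diff == 0;
}

/// Re-hashes the stored raw nonce and checks it against the `nonce` claim.
/// [idTokenClaims] must come from an ID token whose signature was validated.
bool verifyNonce(Map<String, dynamic> idTokenClaims, String storedRawNonce) {
  final claim = idTokenClaims['nonce'];
  if (claim is! String || claim.isEmpty) return false; // missing nonce: reject
  return constantTimeEquals(claim, hashNonce(storedRawNonce));
}

void main() {
  final rawNonce = generateRawNonce(); // kept on the client, never sent
  final hashed = hashNonce(rawNonce); // goes into the authorization request

  // Constructed claims standing in for a validated ID token payload.
  final claims = <String, dynamic>{'sub': 'user-123', 'nonce': hashed};

  print(verifyNonce(claims, rawNonce)); // matching raw nonce
  print(verifyNonce(claims, generateRawNonce())); // raw nonce from another request
  print(verifyNonce({'sub': 'user-123'}, rawNonce)); // token without a nonce claim
}
```

Only the raw nonce needs to be stored between request and response, because the hashed value can be recomputed from it at verification time.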