Closed anestos closed 8 years ago
I've updated this but to maintain backwards compatibility I've done it in a slightly different way - you can disable the auto generation of the nonce by setting the auto-generate-nonce attribute to false:
<oauth2 .... auto-generate-nonce="false" ...>
It's not as clean as the above but if I use the lack of a nonce to trigger it then it breaks existing clients where the server is expecting a nonce.
I may revisit on v2.0.0.
The update is in v1.0.3
Hi, it seems that the nonce parameter of the request url is always there. Google doesn't accept requests with that parameter. A quick fix would be to add the nonce only if it is provided like in the original oauth-ng plugin: