Nonce required for openId with IdentityServer3

JamesRandall / AngularJS-OAuth2

Package for allowing an AngularJS application to authenticate with an OAuth 2 / Open ID Connect identity provider using the implicit flow.

MIT License

46 stars 42 forks source link

Nonce required for openId with IdentityServer3 #4

Closed pinnprophead closed 9 years ago

pinnprophead commented 9 years ago

I think a nonce (number used once) attribute would be required for IdentityServer3. When asking for openid scope, IdentityServer3 returns an error that says "nonce required."

The thinktecture guys had this handy function for the (default) value of nonce:

function rand() { return ((Date.now() + Math.random()) * Math.random()).toString().replace(".",""); }

They used it for the "state" value as well.

pinnprophead commented 9 years ago

I made minor changes to the component, tested and it works with the nonce attribute (and default value) added.

JamesRandall commented 9 years ago

Thank pinnprophead - I'll get a fix in place hopefully this weekend.

JamesRandall commented 9 years ago

Now in the package and I've tested it with IdentityServer3 functions that require state.