bshaffer / oauth2-server-php

A library for implementing an OAuth2 Server in php
http://bshaffer.github.io/oauth2-server-php-docs
MIT License

pick up nonce correctly in authorize endpoint since it could be a POST request as well #1032

Open ashfame opened 2 years ago

ashfame commented 2 years ago

This PR fixes the issue of a missing nonce in the id_token when it is set by the OAuth client while hitting the Authorize Endpoint with a POST request, which breaks OIDC compliance.

The OIDC spec specifies that both GET and POST are supported for the Authorize Endpoint.

Fixes #768, which highlights the same issue.
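The failure mode described in this PR, as an added example that is not part of the PR or of the library's code: a client that sent a nonce in a POST authorization request rejects the id_token when the server looks for the nonce only in the query string. The helper names, the sample request and the choice to read POST parameters strictly from the form body are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper (not the library's API): read an authorization request
// parameter from the form body on POST and from the query string otherwise.
function authorizeParam(string $method, array $query, array $body, string $name): ?string
{
    $source = strtoupper($method) === 'POST' ? $body : $query;
    $value = $source[$name] ?? null;
    return is_string($value) && $value !== '' ? $value : null;
}

// Hypothetical claim builder: the nonce is echoed only if the server saw one.
function idTokenClaims(string $clientId, string $subject, ?string $nonce, int $now): array
{
    $claims = [
        'iss' => 'https://op.example',   // constructed issuer
        'sub' => $subject,
        'aud' => $clientId,
        'iat' => $now,
        'exp' => $now + 3600,
    ];
    if ($nonce !== null) {
        $claims['nonce'] = $nonce;
    }
    return $claims;
}

// Client-side check: the nonce in the id_token must equal the one that was sent.
function nonceMatches(string $sentNonce, array $claims): bool
{
    return hash_equals($sentNonce, (string) ($claims['nonce'] ?? ''));
}

// Constructed sample: a POST authorization request carrying its parameters in the body.
$method = 'POST';
$query  = [];
$body   = ['response_type' => 'id_token', 'client_id' => 'demo-client', 'nonce' => 'n-0S6_WzA2Mj'];

// Query-only lookup (the behaviour the PR reports): the nonce is dropped.
$queryOnly = idTokenClaims('demo-client', 'user-1', $query['nonce'] ?? null, time());
// Method-aware lookup: the nonce reaches the id_token.
$fixed = idTokenClaims('demo-client', 'user-1', authorizeParam($method, $query, $body, 'nonce'), time());

var_dump(nonceMatches($body['nonce'], $queryOnly)); // bool(false)
var_dump(nonceMatches($body['nonce'], $fixed));     // bool(true)
```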