Closed moufmouf closed 3 months ago
Hey @ronvanderheijden,
Following your last review (and the fact I broke CI), I realized that the CI checks were not visible when making a PR from a fork. I slightly changed the configuration of the CI to be sure that when a PR is open, GitHub Actions are run (and are visible in the PR).
So long story short, the CI is now ok! Let's merge this!
According to the OpenID Connect spec:
Right now, if a client passes a "nonce", we don't give it back and the client fails. This is happening to me right now with the client from Matrix Synapse.
Here, I'm creating a new service (`CurrentRequestService`). With this new service, I can get the current PSR-7 request. I extend the AuthCodeGrant and inject this service into the extended class. With this, I can:
Then, in the `IdTokenResponse`, I read the "code" (if it is present), extract the "nonce" and inject it in the ID token as a new claim. The whole process is inspired by this comment: https://github.com/steverhoades/oauth2-openid-connect-server/issues/47#issuecomment-1228370632
With those changes, nonce is correctly handled and I've successfully tested a connection with the OpenID client from Matrix Synapse.
This PR is built on top of #16
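The nonce round-trip the PR describes, shown as an added, self-contained example that is not code from this PR or from the oauth2-openid-connect-server project. It is written in Python rather than the project's PHP so the protocol logic stands alone: the authorization endpoint binds the request's `nonce` into the authorization code it issues, the token endpoint recovers the nonce from the presented code and copies it into the ID token as a claim, and the relying party rejects an ID token whose `nonce` does not match the one it sent. The function names, the HMAC-authenticated code payload (a simplification of an encrypted code payload) and the HS256-signed ID token are assumptions of this example, and the keys are constructed sample values.

```python
"""Nonce propagation from an OIDC authorization code into the ID token (hypothetical example)."""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

SERVER_KEY = b"constructed-server-key-not-for-real-use"  # constructed: protects the auth code payload
CLIENT_SECRET = b"constructed-client-secret"              # constructed: HS256 key shared with the client


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_auth_code(client_id: str, user_id: str, nonce: Optional[str], now: int) -> str:
    """Authorization endpoint: bind the request's nonce into the code payload, so the
    token endpoint can recover it later without any server-side session state."""
    payload = {
        "client_id": client_id,
        "user_id": user_id,
        "nonce": nonce,          # None when the client sent no nonce
        "exp": now + 600,        # codes are short-lived
        "jti": secrets.token_hex(8),
    }
    body = _b64url(json.dumps(payload, separators=(",", ":")).encode())
    tag = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def parse_auth_code(code: str, client_id: str, now: int) -> dict:
    """Token endpoint: reject tampered, expired or foreign codes before trusting the nonce."""
    body, tag = code.rsplit(".", 1)
    expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authorization code failed integrity check")
    payload = json.loads(_b64url_decode(body))
    if payload["exp"] <= now:
        raise ValueError("authorization code expired")
    if payload["client_id"] != client_id:
        raise ValueError("authorization code was issued to a different client")
    return payload


def issue_id_token(code: str, client_id: str, issuer: str, now: int) -> str:
    """Token endpoint: build the ID token and copy the nonce from the code into its claims."""
    payload = parse_auth_code(code, client_id, now)
    claims = {"iss": issuer, "sub": payload["user_id"], "aud": client_id, "iat": now, "exp": now + 3600}
    if payload.get("nonce") is not None:
        claims["nonce"] = payload["nonce"]  # the claim the client will compare against its own value
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64url(hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest())
    return f"{header}.{body}.{sig}"


def verify_id_token(id_token: str, client_id: str, expected_nonce: Optional[str], now: int) -> dict:
    """Relying party: verify signature, audience, expiry, then the nonce it sent with the request."""
    header, body, sig = id_token.split(".")
    expected_sig = _b64url(hmac.new(CLIENT_SECRET, f"{header}.{body}".encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected_sig):
        raise ValueError("ID token signature invalid")
    claims = json.loads(_b64url_decode(body))
    if claims["aud"] != client_id:
        raise ValueError("ID token audience mismatch")
    if claims["exp"] <= now:
        raise ValueError("ID token expired")
    if expected_nonce is not None and claims.get("nonce") != expected_nonce:
        # This is the failure the PR describes: a client that sent a nonce and gets none back.
        raise ValueError("ID token nonce mismatch")
    return claims


if __name__ == "__main__":
    t = 1_700_000_000
    code = issue_auth_code("synapse", "alice", "n-0123", t)
    token = issue_id_token(code, "synapse", "https://op.example", t + 1)
    print(verify_id_token(token, "synapse", "n-0123", t + 2))
```

The nonce is carried inside the code itself, so the token endpoint needs nothing beyond the `code` parameter of the token request, which mirrors the PR's approach of reading the code in `IdTokenResponse`. A client that sent no nonce still gets a valid ID token without the claim, while a client that sent one and receives a token without it, or with a different value, fails at verification.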