Merge 24b3817 into f296874

ibm-cloud-security · Oct 28, 2019 · 4ddd6f1 · 4ddd6f1
2 parents f296874 + 24b3817
commit 4ddd6f1
Show file tree

Hide file tree

Showing 5 changed files with 689 additions and 103 deletions.
diff --git a/dist/appid.min.js b/dist/appid.min.js
diff --git a/dist/appid.umd.min.js b/dist/appid.umd.min.js
diff --git a/src/TokenValidator.js b/src/TokenValidator.js
@@ -47,7 +47,7 @@ class TokenValidator {
 			throw new TokenError(constants.INVALID_AUDIENCE);
 		}
 
-		if ((nonce && !decoded.payloadObj.nonce) || (decoded.payloadObj.nonce !== nonce)) {
+		if (nonce && (!decoded.payloadObj.nonce || decoded.payloadObj.nonce !== nonce)) {
 			throw new TokenError(constants.INVALID_NONCE);
 		}
 

diff --git a/src/utils.js b/src/utils.js
@@ -135,8 +135,7 @@ class Utils {
 			token: tokens.access_token,
 			publicKeys,
 			issuer,
-			clientId,
-			nonce
+			clientId
 		});
 
 		const idTokenPayload = this.tokenValidator.decodeAndValidate({

diff --git a/test/tokenValidatorTest.js b/test/tokenValidatorTest.js
@@ -41,6 +41,13 @@ describe("TokenValidator", () => {
 			assert.equal(res.toString(), validPayload);
 		});
 
+		it('should return decoded payload - without nonce', async function () {
+			let token = generateToken({header, payload: validPayload});
+			let res = await tokenValidator.decodeAndValidate(
+				{token, publicKeys, issuer: validIssuer, clientId});
+			assert.equal(res.toString(), validPayload);
+		});
+
 		it('should return invalid token - malformed token', async function () {
 			try {
 				let res = await tokenValidator.decodeAndValidate(