feat(oauth2): make nonce settable when response_type includes 'token' #709
@pi0 & @JoaoPedroAS51 Please review this.
You can enforce a nonce being sent by setting the See:
@jkupcho I agree with you. But, if I need to set we are extracting However, we are setting nonce only if My expectation was setting nonce through params however because of above-explained logic nonce cannot be set through params unless Let me know if you agree with me or not.
Yeah I think that makes sense. Are you seeing flows where the nonce is necessary outside of
Keycloak has nonce enabled for
Hi @gagandeep! I'm so sorry for the delay. Thank you for your PR! Nice work 😃
Just left a comment :)
Co-authored-by: João Pedro Antunes Silva <joao-pedroas@hotmail.com>
Keycloak required nonce for response_type=token but there was no way I was able to set nonce.