@@ -108,6 +108,13 @@ public function bindCode($code, $idToken) {
108108 return $ idToken
109109 }
110110
111+ public function bindNonce ($ nonce$ idToken
112+ if ($ nonce
113+ $ idToken'payload ' ]['nonce ' ] = $ nonce
114+ }
115+ return $ idToken
116+ }
117+
111118 public function bindAccessToken ($ accessToken$ idToken
112119 $ tokenHash$ this generateTokenHash ($ accessToken
113120 $ idToken'payload ' ]['at_hash ' ] = $ tokenHash
@@ -161,12 +168,14 @@ public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $pr
161168 if (preg_match ("/#access_token=(.*?)&/ " , $ value$ matches
162169 $ idToken$ this generateIdToken ($ clientId$ subject
163170 $ idToken$ this bindAccessToken ($ matches1 ], $ idToken
171+ $ idToken$ this bindNonce ($ nonce$ idToken
164172 $ idToken$ this signToken ($ idToken
165173 $ valuepreg_replace ("/#access_token=(.*?)&/ " , "#access_token= \$1&id_token= $ idToken& " , $ value
166174 $ response$ responsewithHeader ("Location " , $ value
167175 } else if (preg_match ("/code=(.*?)&/ " , $ value$ matches
168176 $ idToken$ this generateIdToken ($ clientId$ subject
169177 $ idToken$ this bindCode ($ matches1 ], $ idToken
178+ $ idToken$ this bindNonce ($ nonce$ idToken
170179 $ idToken$ this signToken ($ idToken
171180 $ valuepreg_replace ("/code=(.*?)&/ " , "code= \$1&id_token= $ idToken& " , $ value
172181 $ response$ responsewithHeader ("Location " , $ value
@@ -183,6 +192,7 @@ public function addIdTokenToResponse($response, $clientId, $subject, $nonce, $pr
183192
184193 $ idToken$ this generateIdToken ($ clientId$ subject
185194 $ idToken$ this bindAccessToken ($ accessToken$ idToken
195+ $ idToken$ this bindNonce ($ nonce$ idToken
186196 $ idToken$ this signToken ($ idToken
187197
188198 $ body'access_token ' ] = $ accessToken
0 commit comments