allow empty nonce

ylebre · ylebre · commit b4667d4183ee · 2022-06-03T10:54:10.000+02:00
diff --git a/solid/lib/Controller/ServerController.php b/solid/lib/Controller/ServerController.php
@@ -257,7 +257,7 @@ public function token() {
 		// FIXME: not sure if decoding this here is the way to go.
 		// FIXME: because this is a public page, the nonce from the session is not available here.
 		$codeInfo = $this->tokenGenerator->getCodeInfo($code);
-		$response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], $_SESSION['nonce'], $this->config->getPrivateKey(), $dpopKey);
+		$response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], ($_SESSION['nonce'] ?? ''), $this->config->getPrivateKey(), $dpopKey);
 
 		return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');
 	}

Original file line number	Diff line number	Diff line change
`@@ -257,7 +257,7 @@ public function token() {`
`257`	`257`	`// FIXME: not sure if decoding this here is the way to go.`
`258`	`258`	`// FIXME: because this is a public page, the nonce from the session is not available here.`
`259`	`259`	`$codeInfo = $this->tokenGenerator->getCodeInfo($code);`
`260`		`- $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], $_SESSION['nonce'], $this->config->getPrivateKey(), $dpopKey);`
	`260`	`+ $response = $this->tokenGenerator->addIdTokenToResponse($response, $clientId, $codeInfo['user_id'], ($_SESSION['nonce'] ?? ''), $this->config->getPrivateKey(), $dpopKey);`
`261`	`261`
`262`	`262`	`return $this->respond($response); // ->addHeader('Access-Control-Allow-Origin', '*');`
`263`	`263`	`}`