Mirrors/sftpgo
1
0
Fork 0
mirror of https://github.com/drakkan/sftpgo.git synced 2025-12-07 23:00:55 +03:00
Code Issues Packages Projects Releases Wiki Activity

oidc refresh token: validate nonce only if set

Browse Source 
As clarified in OpenID core spec errata 2, section 12.2

Signed-off-by: Nicola Murino <nicola.murino@gmail.com>
This commit is contained in:
Nicola Murino
2024-07-01 19:06:11 +02:00
parent 55be9f0b9c
commit 64a2f7aa4f
2 changed files with 10 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
internal/httpd/oidc_test.go
View File

@@ -626,7 +626,9 @@ func TestOIDCRefreshToken(t *testing.T) {
},
}
verifier = mockOIDCVerifier{
token: &oidc.IDToken{},
token: &oidc.IDToken{
Nonce: xid.New().String(), // nonce is different from the expected one
},
}
err = token.refresh(context.Background(), &config, &verifier, r)
if assert.Error(t, err) {
@@ -634,7 +636,7 @@ func TestOIDCRefreshToken(t *testing.T) {
}
verifier = mockOIDCVerifier{
token: &oidc.IDToken{
Nonce: token.Nonce,
Nonce: "", // empty token is fine on refresh but claims are not set
},
}
err = token.refresh(context.Background(), &config, &verifier, r)