angular-oauth2-oidc do not redeclare nonce variable, otherwise it will not be attached to the url

do not redeclare nonce variable, otherwise it will not be attached to the url

Open chrissachs opened this issue 6 years ago • 0 comments

The nonce wasn't attached to the login url, as it was redeclared, which got transpiled to

        var nonce = null;
        if (!this.disableNonceCheck) {
            nonce_1 = this.createAndSaveNonce();
            if (state) {
                state = nonce_1 + this.config.nonceStateSeparator + state;
            }
            else {
                state = nonce_1;
            }
        }

	// ...

        if (nonce && this.oidc) {
            url += '&nonce=' + encodeURIComponent(nonce);
        }

and therefore was never attached to the login url (and in my case was later missing in the identity token, and it couldn't be verified)

Nov 19 '18 17:11 chrissachs

angular-oauth2-oidc angular-oauth2-oidc copied to clipboard

do not redeclare nonce variable, otherwise it will not be attached to the url

angular-oauth2-oidc
angular-oauth2-oidc copied to clipboard