Diffstat (limited to 'oauthlib/oauth2/rfc6749/grant_types/openid_connect.py')
-rw-r--r-- | oauthlib/oauth2/rfc6749/grant_types/openid_connect.py | 12 |
1 files changed, 9 insertions, 3 deletions
diff --git a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
index bdd09b9..4c98864 100644
--- a/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
+++ b/oauthlib/oauth2/rfc6749/grant_types/openid_connect.py
@@ -141,6 +141,13 @@ class OpenIDConnectBase(object):
     def openid_authorization_validator(self, request):
         """Perform OpenID Connect specific authorization request validation.
 
+        nonce
+                OPTIONAL. String value used to associate a Client session with
+                an ID Token, and to mitigate replay attacks. The value is
+                passed through unmodified from the Authentication Request to
+                the ID Token. Sufficient entropy MUST be present in the nonce
+                values used to prevent attackers from guessing values
+
         display
                 OPTIONAL. ASCII string value that specifies how the
                 Authorization Server displays the authentication and consent
@@ -306,6 +313,7 @@ class OpenIDConnectBase(object):
 
         request_info = {
             'display': request.display,
+            'nonce': request.nonce,
             'prompt': prompt,
             'ui_locales': request.ui_locales.split() if request.ui_locales else [],
             'id_token_hint': request.id_token_hint,
@@ -336,9 +344,7 @@ class OpenIDConnectBase(object):
             desc = 'Request is missing mandatory nonce parameter.'
             raise InvalidRequestError(request=request, description=desc)
 
-        self._inflate_claims(request)
-
-        return {'nonce': request.nonce, 'claims': request.claims}
+        return {}
 
 
 class OpenIDConnectAuthCode(OpenIDConnectBase):
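Review bot: The last sentence of the new nonce entry in the openid_authorization_validator docstring is left unterminated (`values used to prevent attackers from guessing values`), while the preceding sentences in the same entry end with a period; `values used to prevent attackers from guessing values.` keeps it consistent. Because the entry states the value is passed through unmodified into the ID Token, it would help a maintainer to add one sentence making the division of responsibility explicit, for example `The server does not generate or validate the nonce; providing sufficient entropy is the client's responsibility.` openid_authorization_validator continues past the end of the hunk.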
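Review bot: The removed `self._inflate_claims(request)` call in the third hunk is not visibly relocated anywhere in this diff, so unless openid_authorization_validator (or another validator that runs earlier on the same request) now performs the inflation, `request.claims` is left as the raw string from the `claims` parameter and any per-claim requests in it would be silently ignored downstream. If the inflation has indeed moved, a one-line comment above the new `return {}` such as `# claims are inflated and nonce surfaced by openid_authorization_validator` would make that dependency visible to the next reader. The nonce is still enforced as mandatory here (`Request is missing mandatory nonce parameter.`) even though the first hunk documents it as OPTIONAL; that is consistent with the OpenID Connect Core rule that nonce is REQUIRED for the implicit and hybrid flows, and a short comment saying so would explain the apparent contradiction. The enclosing validator starts outside the hunk, so the check itself is not visible here.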