fix: Check if nonce is enabled

maicol07 · maicol07 · commit 08bd60f5f940 · 2021-10-18T20:23:23.000+02:00
diff --git a/src/Client.php b/src/Client.php
@@ -217,7 +217,7 @@ public function authenticate(): bool
                 throw new ClientException('User did not authorize openid scope.');
             }
 
-            if (Session::get('oidc_nonce') !== $request->get('nonce')) {
+            if ($this->enable_nonce && Session::get('oidc_nonce') !== $request->get('nonce')) {
                 throw new ClientException("Generated nonce is not equal to the one returned by the server.");
             }
             Session::remove('oidc_nonce');

Original file line number	Diff line number	Diff line change
`@@ -217,7 +217,7 @@ public function authenticate(): bool`
`217`	`217`	`throw new ClientException('User did not authorize openid scope.');`
`218`	`218`	`}`
`219`	`219`
`220`		`- if (Session::get('oidc_nonce') !== $request->get('nonce')) {`
	`220`	`+ if ($this->enable_nonce && Session::get('oidc_nonce') !== $request->get('nonce')) {`
`221`	`221`	`throw new ClientException("Generated nonce is not equal to the one returned by the server.");`
`222`	`222`	`}`
`223`	`223`	`Session::remove('oidc_nonce');`