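--- a/[path not shown on page]
+++ b/[path not shown on page]
@@ -75,16 +75,20 @@ public boolean verify() throws InvalidClaimException {
 // TODO: what is the following ''Nonce in id_token not matching nonce in authz'
 
 String spaceSeparatedScopes = ((String ) getClaims ().get ("scope" ));
-
 if (spaceSeparatedScopes == null
 || !Pattern .compile ("\\ bopenid\\ b" ).matcher (spaceSeparatedScopes ).find ()) {
 getError ().getMessages ().add ("Parameter scope must exist and contain value openid" );
 }
 
-List <String > prompt = ((List <String >) getClaims ().get ("prompt" ));
+String responseType = (String ) getClaims ().get ("response_type" );
+if (Pattern .compile ("\\ bid_token\\ b" ).matcher (responseType ).find ()
+&& (getClaims ().get ("nonce" ) == null || ((String ) getClaims ().get ("nonce" )).isEmpty ())) {
+getError ().getMessages ().add ("Nonce is mandatory if response type contains id_token" );
+}
 
+List <String > prompt = ((List <String >) getClaims ().get ("prompt" ));
 if (prompt != null && prompt .contains ("none" ) && prompt .size () > 1 ) {
-getError ().getMessages ().add ("prompt value none must not be used with other values" );
+getError ().getMessages ().add ("Prompt value none must not be used with other values" );
 }
 
 if (Pattern .compile ("\\ boffline_access\\ b" ).matcher (spaceSeparatedScopes ).find ()) {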
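Review bot: The new `responseType` check dereferences a claim that may be absent: `getClaims().get("response_type")` returns null when the parameter is missing, and `.matcher(responseType)` then throws NullPointerException out of verify(), whereas the scope check a few lines above reports absence as a validation message instead. Guard it the same way, `if (responseType != null && Pattern.compile("\\bid_token\\b").matcher(responseType).find()`, and if response_type is not validated elsewhere in verify() (not visible in this hunk) add a message for the missing parameter rather than letting the request through silently. The nonce branch reads `getClaims().get("nonce")` twice; reading it once into a local makes the null/empty test easier to follow. The three `Pattern.compile(...)` calls in this method are recompiled on every request and could be `private static final Pattern` constants. verify() begins before this hunk and continues past it.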
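--- a/[test path not shown on page]
+++ b/[test path not shown on page]
@@ -51,6 +51,23 @@ public void testSuccessOfflineAccess() throws InvalidClaimException {
 Assert .assertEquals ("consent" , ((List <String >) req .getClaims ().get ("prompt" )).get (0 ));
 Assert .assertEquals ("openid offline_access" , req .getClaims ().get ("scope" ));
 }
+
+@ Test
+public void testSuccessResponseTypeIdToken () throws InvalidClaimException {
+claims .put ("response_type" , "id_token token" );
+claims .put ("nonce" , "DFHGFG" );
+AuthenticationRequest req = new AuthenticationRequest (claims );
+req .verify ();
+Assert .assertEquals ("DFHGFG" , (String ) req .getClaims ().get ("nonce" ));
+Assert .assertEquals ("id_token token" , req .getClaims ().get ("response_type" ));
+}
+
+@ Test (expected = InvalidClaimException .class )
+public void testFailResponseTypeIdTokenMissingNonce () throws InvalidClaimException {
+claims .put ("response_type" , "id_token token" );
+AuthenticationRequest req = new AuthenticationRequest (claims );
+req .verify ();
+}
 
 @ Test (expected = InvalidClaimException .class )
 public void testFailOfflineAccessNoConsent () throws InvalidClaimException {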
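Review bot: The empty-string branch of the new nonce check (`isEmpty()` in verify()) has no test: testFailResponseTypeIdTokenMissingNonce exercises only an absent nonce, and no test sends a request without response_type at all. Because `@Test(expected = InvalidClaimException.class)` accepts any InvalidClaimException, the failing test cannot confirm that the nonce rule was the reason; this is fine if the shared `claims` fixture (set up outside this hunk) is otherwise valid, but asserting on the error message would make it robust against the fixture changing. A request with response_type absent would, from the production hunk, currently end in NullPointerException rather than InvalidClaimException, which is worth pinning once a null guard is in place. Suggested empty-nonce case, alongside the two added tests:
```java
@Test(expected = InvalidClaimException.class)
public void testFailResponseTypeIdTokenEmptyNonce() throws InvalidClaimException {
    claims.put("response_type", "id_token token");
    claims.put("nonce", "");
    AuthenticationRequest req = new AuthenticationRequest(claims);
    req.verify();
}
```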