From de4381261e7b00eba7b437df1a914cdcc68b834a Mon Sep 17 00:00:00 2001 From: Lakhan Samani Date: Wed, 19 Oct 2022 23:17:13 +0530 Subject: [PATCH] fix: add nonce to supported claims --- app/src/Root.tsx | 7 ++----- server/handlers/authorize.go | 5 ++--- server/handlers/openid_config.go | 2 +- server/handlers/token.go | 2 +- 4 files changed, 6 insertions(+), 10 deletions(-) diff --git a/app/src/Root.tsx b/app/src/Root.tsx index b3fee57..cf1041e 100644 --- a/app/src/Root.tsx +++ b/app/src/Root.tsx @@ -39,7 +39,6 @@ export default function Root({ ? searchParams.get('scope')?.toString().split(' ') : ['openid', 'profile', 'email']; const code = searchParams.get('code') || '' - const nonce = searchParams.get('nonce') || '' const urlProps: Record = { state, @@ -59,14 +58,12 @@ export default function Root({ useEffect(() => { if (token) { let redirectURL = config.redirectURL || '/app'; - let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}&code=`+code; + let params = `access_token=${token.access_token}&id_token=${token.id_token}&expires_in=${token.expires_in}&state=${globalState.state}`; if (code !== '') { params += `&code=${code}` } - if (nonce !== '') { - params += `&nonce=${nonce}` - } + if (token.refresh_token) { params += `&refresh_token=${token.refresh_token}`; } diff --git a/server/handlers/authorize.go b/server/handlers/authorize.go index 1ffcabf..397aac6 100644 --- a/server/handlers/authorize.go +++ b/server/handlers/authorize.go @@ -188,7 +188,7 @@ func AuthorizeHandler() gin.HandlerFunc { // }, // }) - params := "code=" + code + "&state=" + state + "&nonce=" + nonce + params := "code=" + code + "&state=" + state if responseMode == constants.ResponseModeQuery { if strings.Contains(redirectURI, "?") { redirectURI = redirectURI + "&" + params 
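Review bot: The rebuilt `params` line in the `@@ -59,14 +58,12 @@` hunk still interpolates `globalState.state` into the query string raw, and the `code` line below it does the same with `code`; `state` is an opaque, client-chosen value, so one containing `&`, `#` or `=` corrupts or injects parameters on the redirect. Encode each value: `…&state=${encodeURIComponent(globalState.state)}\`;` and `params += \`&code=${encodeURIComponent(code)}\``. The `useEffect` body and the redirect that consumes `params` continue outside the hunk, so whether `access_token`/`id_token` end up in the query string (visible in history, Referer and server logs) or in the fragment cannot be confirmed from here. The `+` line that replaces the removed nonce block is an empty line; it can simply be dropped.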
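Review bot: In the `@@ -188,7 +188,7 @@` hunk, `params := "code=" + code + "&state=" + state` appends the caller-supplied `state` to the client's redirect URI without escaping, so a state containing `&`, `#` or `%` can inject or truncate parameters on the redirect; dropping `nonce` does not change that. Build the query with the standard library: `params := url.Values{"code": {code}, "state": {state}}.Encode()` (keys are emitted sorted, so `code=…&state=…` is preserved; `net/url` must be imported, which the hunk does not show). Whether `redirectURI` was validated against the client's registered URIs happens before this hunk and cannot be confirmed from it. AuthorizeHandler starts and ends outside the hunk.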
@@ -243,7 +243,7 @@ func AuthorizeHandler() gin.HandlerFunc { } // used of query mode - params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code + "&nonce=" + nonce + params := "access_token=" + authToken.AccessToken.Token + "&token_type=bearer&expires_in=" + strconv.FormatInt(expiresIn, 10) + "&state=" + state + "&id_token=" + authToken.IDToken.Token + "&code=" + code res := map[string]interface{}{ "access_token": authToken.AccessToken.Token, @@ -253,7 +253,6 @@ func AuthorizeHandler() gin.HandlerFunc { "token_type": "Bearer", "expires_in": expiresIn, "code": code, - "nonce": nonce, } if authToken.RefreshToken != nil { diff --git a/server/handlers/openid_config.go b/server/handlers/openid_config.go index c2a95c4..8138d42 100644 --- a/server/handlers/openid_config.go +++ b/server/handlers/openid_config.go @@ -24,7 +24,7 @@ func OpenIDConfigurationHandler() gin.HandlerFunc { "scopes_supported": []string{"openid", "email", "profile", "email_verified", "given_name", "family_name", "nick_name", "picture"}, "response_modes_supported": []string{"query", "fragment", "form_post", "web_message"}, "id_token_signing_alg_values_supported": []string{jwtType}, - "claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified"}, + "claims_supported": []string{"aud", "exp", "iss", "iat", "sub", "given_name", "family_name", "middle_name", "nickname", "preferred_username", "picture", "email", "email_verified", "roles", "gender", "birthdate", "phone_number", "phone_number_verified", "nonce"}, }) } } diff --git a/server/handlers/token.go b/server/handlers/token.go index da72969..97bce00 100644 --- a/server/handlers/token.go +++ b/server/handlers/token.go 
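Review bot: The rebuilt query-mode `params` string still concatenates the unescaped `state` alongside `access_token` and `id_token`; only the `nonce` segment was removed, so a state value with `&` or `#` still breaks the redirect. Assemble it with `url.Values` and `.Encode()` as for the code-response branch (key order becomes alphabetical, which no client should depend on), or at least wrap `state` in `url.QueryEscape`. Returning tokens in a query-string redirect also exposes them through Referer headers, browser history and proxy logs, which is why the OAuth 2.0 Security BCP discourages it; a comment at this line should say so, and `// used of query mode` presumably means `// used for query mode`. AuthorizeHandler starts and ends outside the hunk.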
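Review bot: Adding `"nonce"` to `claims_supported` in OpenIDConfigurationHandler advertises that ID tokens carry a nonce claim, but nothing in this patch shows the nonce being written into the ID token; the other hunks only stop echoing it as a redirect parameter. A relying party that sent a nonce must compare it with the ID token's `nonce` claim and reject the token when it is missing, so confirm the token builder sets the claim from the authorize request (presumably elsewhere in the server). A short comment above the line, `// nonce is echoed in the ID token from the authorize request; do not advertise it unless the token builder sets it`, would keep the list honest. OpenIDConfigurationHandler starts outside the hunk.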
@@ -22,7 +22,7 @@ import (
 func TokenHandler() gin.HandlerFunc {
 return func(gc *gin.Context) {
 var reqBody map[string]string
- if err := gc.BindJSON(&reqBody); err != nil {
+ if err := gc.Bind(&reqBody); err != nil {
 log.Debug("Error binding JSON: ", err)
 gc.JSON(http.StatusBadRequest, gin.H{
 "error": "error_binding_json",
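Review bot: `gc.Bind` is gin's `MustBindWith`: on failure it already sets a 400 status and aborts the context before the handler's own `gc.JSON(http.StatusBadRequest, …)` runs, so the response is written twice and only works because both sides happen to use 400. Use `if err := gc.ShouldBind(&reqBody); err != nil {` so the handler's JSON error body is the only response. Since `Bind` now picks the parser from Content-Type (form-encoded bodies, which RFC 6749 §4.1.3 mandates for the token endpoint, are accepted as well as JSON), the log text `"Error binding JSON: "` is stale and should read `"Error binding request body: "`; the `"error_binding_json"` code is part of the API, so keep it unless clients are known not to match on it. The handler body that reads `grant_type`, `code` and the client credentials continues outside the hunk.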