stefb965
diff --git a/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java‎
Lines changed: 12 additions & 24 deletions b/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java‎
Lines changed: 12 additions & 24 deletions
diff --git a/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions b/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions b/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions b/‎openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java‎
Lines changed: 1 addition & 3 deletions
diff --git a/‎openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java‎
Lines changed: 1 addition & 34 deletions b/‎openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java‎
Lines changed: 1 addition & 34 deletions
@@ -254,10 +254,7 @@ protected void handleAuthorizationRequest(HttpServletRequest request, HttpServle
 session.setAttribute(REDIRECT_URI_SESION_VARIABLE, redirectUri);
 
 // this value comes back in the id token and is checked there
-String nonce = null;
-if (serverConfig.isNonceEnabled()) {
-nonce = createNonce(session);
-}
+String nonce = createNonce(session);
 
 // this value comes back in the auth code response
 String state = createState(session);
@@ -565,30 +562,21 @@ protected ClientHttpRequest createRequest(URI url, HttpMethod method) throws IOE
 
 // compare the nonce to our stored claim
 String nonce = idClaims.getStringClaim("nonce");
+if (Strings.isNullOrEmpty(nonce)) {
 
-if (serverConfig.isNonceEnabled()) {
-if (Strings.isNullOrEmpty(nonce)) {
-
-logger.error("ID token did not contain a nonce claim.");
+logger.error("ID token did not contain a nonce claim.");
 
-throw new AuthenticationServiceException("ID token did not contain a nonce claim.");
-}
+throw new AuthenticationServiceException("ID token did not contain a nonce claim.");
+}
 
-String storedNonce = getStoredNonce(session);
-if (!nonce.equals(storedNonce)) {
-logger.error("Possible replay attack detected! The comparison of the nonce in the returned "
-+ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
+String storedNonce = getStoredNonce(session);
+if (!nonce.equals(storedNonce)) {
+logger.error("Possible replay attack detected! The comparison of the nonce in the returned "
++ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
 
-throw new AuthenticationServiceException(
-"Possible replay attack detected! The comparison of the nonce in the returned "
-+ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
-}
-} else {
-if (!Strings.isNullOrEmpty(nonce)) {
-logger.error("Possible injection attack! The server returned a nonce value where none was sent or expected: " + nonce);
-throw new AuthenticationServiceException(
-"Possible injection attack! The server returned a nonce value where none was sent or expected: " + nonce);
-}
+throw new AuthenticationServiceException(
+"Possible replay attack detected! The comparison of the nonce in the returned "
++ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
 }
 
 // pull the subject (user id) out as a claim on the id_token
 
@@ -68,9 +68,7 @@ public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredCl
 claims.setClaim("redirect_uri", redirectUri);
 
 // this comes back in the id token
-if (nonce != null) {
-claims.setClaim("nonce", nonce);
-}
+claims.setClaim("nonce", nonce);
 
 // this comes back in the auth request return
 claims.setClaim("state", state);
 
@@ -54,9 +54,7 @@ public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredCl
 
 uriBuilder.addParameter("redirect_uri", redirectUri);
 
-if (nonce != null) {
-uriBuilder.addParameter("nonce", nonce);
-}
+uriBuilder.addParameter("nonce", nonce);
 
 uriBuilder.addParameter("state", state);
 
 
@@ -62,9 +62,7 @@ public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredCl
 claims.setClaim("redirect_uri", redirectUri);
 
 // this comes back in the id token
-if (nonce != null) {
-claims.setClaim("nonce", nonce);
-}
+claims.setClaim("nonce", nonce);
 
 // this comes back in the auth request return
 claims.setClaim("state", state);
 
@@ -219,9 +219,6 @@ public enum UserInfoTokenMethod {
 QUERY;
 }
 
-// do we create and send a nonce value?
-private boolean nonceEnabled = true;
-
 /**
  * @return the authorizationEndpointUri
  */
@@ -680,23 +677,6 @@ public UserInfoTokenMethod getUserInfoTokenMethod() {
 public void setUserInfoTokenMethod(UserInfoTokenMethod userInfoTokenMethod) {
 this.userInfoTokenMethod = userInfoTokenMethod;
 }
-
-
-/**
- * @return the nonceEnabled
- */
-public boolean isNonceEnabled() {
-return nonceEnabled;
-}
-/**
- * @param nonceEnabled the nonceEnabled to set
- */
-public void setNonceEnabled(boolean nonceEnabled) {
-this.nonceEnabled = nonceEnabled;
-}
-/* (non-Javadoc)
- * @see java.lang.Object#hashCode()
- */
 @Override
 public int hashCode() {
 final int prime = 31;
@@ -757,7 +737,6 @@ public int hashCode() {
 : introspectionEndpointUri.hashCode());
 result = prime * result + ((issuer == null) ? 0 : issuer.hashCode());
 result = prime * result + ((jwksUri == null) ? 0 : jwksUri.hashCode());
-result = prime * result + (nonceEnabled ? 1231 : 1237);
 result = prime * result
 + ((opPolicyUri == null) ? 0 : opPolicyUri.hashCode());
 result = prime * result
@@ -823,10 +802,6 @@ public int hashCode() {
 * result
 + ((uiLocalesSupported == null) ? 0 : uiLocalesSupported
 .hashCode());
-result = prime
-* result
-+ ((userInfoTokenMethod == null) ? 0 : userInfoTokenMethod
-.hashCode());
 result = prime * result
 + ((userInfoUri == null) ? 0 : userInfoUri.hashCode());
 result = prime
@@ -843,9 +818,6 @@ public int hashCode() {
 : userinfoSigningAlgValuesSupported.hashCode());
 return result;
 }
-/* (non-Javadoc)
- * @see java.lang.Object#equals(java.lang.Object)
- */
 @Override
 public boolean equals(Object obj) {
 if (this == obj) {
@@ -976,9 +948,6 @@ public boolean equals(Object obj) {
 } else if (!jwksUri.equals(other.jwksUri)) {
 return false;
 }
-if (nonceEnabled != other.nonceEnabled) {
-return false;
-}
 if (opPolicyUri == null) {
 if (other.opPolicyUri != null) {
 return false;
@@ -1114,9 +1083,6 @@ public boolean equals(Object obj) {
 } else if (!uiLocalesSupported.equals(other.uiLocalesSupported)) {
 return false;
 }
-if (userInfoTokenMethod != other.userInfoTokenMethod) {
-return false;
-}
 if (userInfoUri == null) {
 if (other.userInfoUri != null) {
 return false;
@@ -1151,4 +1117,5 @@ public boolean equals(Object obj) {
 return true;
 }
 
+
 }