Added the possibility to configure the length of the nonce and the state

[rollagnier]

Added the possibility to configure the length of the nonce and the state
Added the raw response if HttpStatusCode is not OK (redeem code for tokens)

[leastprivilege]

Sorry for closing.

Could you give me some reasoning for these changes?

[blushingpenguin]

One motivation for configuring the state length is NetSuite which requires a 24 character state parameter for no apparent reason:
https://docs.oracle.com/en/cloud/saas/netsuite/ns-online-help/section_158081944642.html

state | The length of the state parameter must be between 24 and 1024 characters. Valid characters are all printable ASCII characters.

They really do enforce that.

[leastprivilege]

Two thoughts

a) nonce is not required anymore since Hybrid flow is not supported anymore
b) there should be a lower bound for the state length

[leastprivilege]

OK - nonce removed via #328

[rollagnier]

Hello,

My client has developed his own identity management and authentication tool. The nonce and the state must have a minimum length. For example, the US government recommends at least 22 characters (https://developers.login.gov/oidc/).

Best Regards,
Remi Ollagnier

[leastprivilege]

ok. thanks!

[github-actions]

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue.