From cac46fb1846c853f6c519beddd5ab5bdaf0770b1 Mon Sep 17 00:00:00 2001
From: Filip Skokan
Date: Sun, 15 Dec 2019 17:01:21 +0100
Subject: [PATCH] fix: remove check for nonce presence in params This is a must check for idps and with the advent of request object use it doesn't make much sense for to check in this place.
---
 lib/client.js | 4 ----
 test/client/client_instance.test.js | 15 ---------------
 2 files changed, 19 deletions(-)
diff --git a/lib/client.js b/lib/client.js
index 6eb94357..ded86096 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -126,10 +126,6 @@ function authorizationParams(params) {
 }
 });
- if (authParams.response_type && authParams.response_type.split(' ').includes('id_token') && !authParams.nonce) {
- throw new TypeError('nonce MUST be provided for implicit and hybrid flows');
- }
-
 return authParams;
 }
diff --git a/test/client/client_instance.test.js b/test/client/client_instance.test.js
index 555b5f34..af4c316c 100644
--- a/test/client/client_instance.test.js
+++ b/test/client/client_instance.test.js
@@ -50,21 +50,6 @@ describe('Client', () => {
 });
 });
- const nononce = ['none', 'code', 'code token'];
- const nonce = ['id_token', 'id_token token', 'code id_token', 'code id_token token'];
-
- nononce.forEach((type) => {
- it(`allows response_type=${type} without nonce`, function () {
- expect(() => this.client.authorizationUrl({ response_type: type })).not.to.throw();
- });
- });
-
- nonce.forEach((type) => {
- it(`requires nonce for response_type=${type}`, function () {
- expect(() => this.client.authorizationUrl({ response_type: type })).to.throw(TypeError, 'nonce MUST be provided for implicit and hybrid flows');
- });
- });
-
 it('returns a string with the url with some basic defaults', function () {
 expect(url.parse(this.client.authorizationUrl({
 redirect_uri: 'https://rp.example.com/cb',