From 7cb2f693a22ea48df042b572425d9afd590bf8f9 Mon Sep 17 00:00:00 2001
From: Danilo
Date: Wed, 24 Nov 2021 16:04:11 +0100
Subject: [PATCH 1/2] fix: getState() return empty string
---
 src/OpenIDConnectClient.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index 7eeed5c2..a5d9fb56 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -307,6 +307,11 @@ public function authenticate() {
 throw new OpenIDConnectClientException('Got response: ' . $token_json->error);
 }
+ // Sometime getState() return an empty string
+ // and the authentication process fail
+ if ($this->getState() == "")
+ $this->setState($_REQUEST['state']);
+
 // Do an OpenID Connect session check
 if ($_REQUEST['state'] !== $this->getState()) {
 throw new OpenIDConnectClientException('Unable to determine state');
From d2c116ef7ac1439cd54b1c1f378160782c229454 Mon Sep 17 00:00:00 2001
From: Aladdin
Date: Thu, 15 Jun 2023 12:48:50 +0200
Subject: [PATCH 2/2] Fix: setNonce when it's empty
---
 src/OpenIDConnectClient.php | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/OpenIDConnectClient.php b/src/OpenIDConnectClient.php
index a5d9fb56..3d09d666 100644
--- a/src/OpenIDConnectClient.php
+++ b/src/OpenIDConnectClient.php
@@ -307,7 +307,7 @@ public function authenticate() {
 throw new OpenIDConnectClientException('Got response: ' . $token_json->error);
 }
- // Sometime getState() return an empty string
+ // Sometime getState() return an empty string
 // and the authentication process fail
 if ($this->getState() == "")
 $this->setState($_REQUEST['state']);
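Review bot: The fallback added in patch 1/2 copies `$_REQUEST['state']` into the session whenever `getState()` is empty, so the `!==` comparison directly below it compares the request value with itself and can never fail in that case. The state parameter is the client's CSRF protection for the authorization response, and an empty stored state is exactly what a callback that this session never initiated looks like, so the code should fail closed instead: `if (!isset($_REQUEST['state']) || (string) $this->getState() === '') { throw new OpenIDConnectClientException('Unable to determine state'); }`. If legitimate users really lose their state, the cause is probably session loss between the redirect and the callback (cookie settings, session expiry) and is better fixed there than by relaxing the check. authenticate() starts and ends outside the hunk.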
@@ -344,6 +344,13 @@ public function authenticate() {
 // Save the access token
 $this->accessToken = $token_json->access_token;
+ // During verifyJWTclaims sometime return an empty string (probably caused by the session timeout between KC and Client)
+ // Which cause issue in the *_auth.php, this should "patch" the randomic emptiness.
+ if ($this->getNonce() == "") {
+ $this->setNonce($claims->nonce);
+ user_error('Warning: Function getNonce return empty, setting in the session!');
+ };
+
 // If this is a valid claim
 if ($this->verifyJWTclaims($claims, $token_json->access_token)) {
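Review bot: Seeding the session nonce from `$claims->nonce` just before `verifyJWTclaims()` means that, whenever the stored nonce is empty, any nonce comparison inside that call (its body is not in this hunk) would compare the token's value with itself, which removes the replay protection the nonce exists for. An empty stored nonce should be treated as a failed authentication rather than repaired from the token being verified, e.g. `if ((string) $this->getNonce() === '') { throw new OpenIDConnectClientException('Unable to verify nonce'); }`. `user_error()` called without a level raises E_USER_NOTICE, which may be rendered to the browser depending on `display_errors`, so a log call is the safer way to record this; the `;` after the closing brace is a stray empty statement. authenticate() starts and ends outside the hunk.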