From a95894dbadfb8b9d973bc52f13e331ac3d8dafd2 Mon Sep 17 00:00:00 2001
From: Grzegorz Grzybek
Date: Thu, 8 Feb 2024 13:19:32 +0100
Subject: [PATCH] Do not verify nonce in access and refresh tokens (only id tokens) (#26891)
Closes #26651
Signed-off-by: Grzegorz Grzybek
---
 js/libs/keycloak-js/src/keycloak.js | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/js/libs/keycloak-js/src/keycloak.js b/js/libs/keycloak-js/src/keycloak.js
index acee5a20c8..35ff2d24de 100755
--- a/js/libs/keycloak-js/src/keycloak.js
+++ b/js/libs/keycloak-js/src/keycloak.js
@@ -802,10 +802,7 @@ function Keycloak (config) {
 setToken(accessToken, refreshToken, idToken, timeLocal);
- if (useNonce && ((kc.tokenParsed && kc.tokenParsed.nonce != oauth.storedNonce) ||
- (kc.refreshTokenParsed && kc.refreshTokenParsed.nonce != oauth.storedNonce) ||
- (kc.idTokenParsed && kc.idTokenParsed.nonce != oauth.storedNonce))) {
-
+ if (useNonce && (kc.idTokenParsed && kc.idTokenParsed.nonce != oauth.storedNonce)) {
 logInfo('[KEYCLOAK] Invalid nonce, clearing token');
 kc.clearToken();
 promise && promise.setError();
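Review bot: The new condition `kc.idTokenParsed && kc.idTokenParsed.nonce != oauth.storedNonce` fails open when the response has no ID token: with `useNonce` set and `kc.idTokenParsed` unset, no nonce is compared at all, whereas the old code could still reject on the access or refresh token. If every flow that sets `useNonce` is expected to return an ID token (not visible in this hunk), fail closed and use strict comparison: `if (useNonce && (!kc.idTokenParsed || kc.idTokenParsed.nonce !== oauth.storedNonce)) {`. If a missing ID token is legitimate, a short comment above the check should say that the nonce is bound to the ID token only and that its absence is accepted on purpose. The enclosing callback starts and ends outside the hunk, so handling elsewhere could not be checked.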