libre.sh/keycloak-scim
4
0
Fork 0
Code Issues 15 Pull requests Releases 1 Activity Actions

Do not verify nonce in access and refresh tokens (only id tokens) (#26891)

Browse source 
Closes #26651

Signed-off-by: Grzegorz Grzybek <gr.grzybek@gmail.com>
This commit is contained in:
Grzegorz Grzybek 2024-02-08 13:19:32 +01:00 committed by GitHub
parent edd68d12fb
commit a95894dbad
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 1 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
js/libs/keycloak-js/src/keycloak.js
View file

@ -802,10 +802,7 @@ function Keycloak (config) {
setToken(accessToken, refreshToken, idToken, timeLocal); setToken(accessToken, refreshToken, idToken, timeLocal);
if (useNonce && ((kc.tokenParsed && kc.tokenParsed.nonce != oauth.storedNonce) || if (useNonce && (kc.idTokenParsed && kc.idTokenParsed.nonce != oauth.storedNonce)) {
(kc.refreshTokenParsed && kc.refreshTokenParsed.nonce != oauth.storedNonce) ||
(kc.idTokenParsed && kc.idTokenParsed.nonce != oauth.storedNonce))) {
logInfo('[KEYCLOAK] Invalid nonce, clearing token'); logInfo('[KEYCLOAK] Invalid nonce, clearing token');
kc.clearToken(); kc.clearToken();
promise && promise.setError(); promise && promise.setError();