authorTom Evans <tevans@mintel.com>2021-02-01 13:44:19 +0000
committerAsif Saif Uddin <auvipy@gmail.com>2021-02-12 11:31:48 +0600
commit89162b8a7a911f094674d0a77199ae226b71a656 (patch)
tree8ec5c33f35aa4f1e6183d9c199900197a48789c0 /tests
parent637c8945f2ba1481927478db7d1fa09de43c265b (diff)
downloadoauthlib-89162b8a7a911f094674d0a77199ae226b71a656.tar.gz
Use request.nonce when generating hybrid id token
Like with the implicit grant, we need to override add_id_token to pass the nonce from the current request to GrantBase.add_id_token in order for the ID token to have the correct nonce. Add test that the nonce is in ID token from hybrid OIDC flow. Fixes: #746
Diffstat (limited to 'tests')
-rw-r--r--tests/openid/connect/core/grant_types/test_hybrid.py9
1 files changed, 9 insertions, 0 deletions
diff --git a/tests/openid/connect/core/grant_types/test_hybrid.py b/tests/openid/connect/core/grant_types/test_hybrid.py
index fb61b04..e525f63 100644
--- a/tests/openid/connect/core/grant_types/test_hybrid.py
+++ b/tests/openid/connect/core/grant_types/test_hybrid.py
@@ -67,6 +67,15 @@ class OpenIDHybridCodeIdTokenTest(OpenIDAuthCodeTest):
self.assertIsNone(b)
self.assertEqual(s, 302)
+ def test_id_token_contains_nonce(self):
+ token = {}
+ self.mock_validator.get_id_token.side_effect = None
+ self.mock_validator.get_id_token.return_value = None
+ token = self.auth.add_id_token(token, None, self.request)
+ assert self.mock_validator.finalize_id_token.call_count == 1
+ claims = self.mock_validator.finalize_id_token.call_args[0][0]
+ assert "nonce" in claims
+
class OpenIDHybridCodeIdTokenTokenTest(OpenIDAuthCodeTest):
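Review bot: The final check in test_id_token_contains_nonce, `assert "nonce" in claims`, only proves the key is present, so it would still pass if the hybrid grant placed a stale, empty or otherwise wrong value in the claim. The nonce is what lets a client tie the ID token to its own authorization request, so the test should pin the value, e.g. `self.assertEqual(claims["nonce"], self.request.nonce)`. This assumes the fixture sets a nonce on `self.request`; setUp is outside the hunk, so confirm that first. The two bare `assert` statements could also become `self.assertEqual(self.mock_validator.finalize_id_token.call_count, 1)` and `self.assertIn("nonce", claims)`, matching the `self.assertEqual(s, 302)` style just above and giving clearer failure output.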