
Commit 9c48b26

VIA-757 AJ/DB Add mandatory nonce check
- NHS login has just made the nonce parameter mandatory
- Next-Auth checks whether the nonce value in the auth request matches the one returned in the ID Token
1 parent 79c3495 commit 9c48b26


2 files changed

+2
-2
lines changed

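--- a/src/app/api/auth/[...nextauth]/provider.test.ts
+++ b/src/app/api/auth/[...nextauth]/provider.test.ts
@@ -18,6 +18,6 @@ describe("provider", () => {
 expect(provider.type).toEqual("oidc");
 expect(provider.authorization.params.prompt).toBe("none");
 expect(provider.client?.token_endpoint_auth_method).toEqual("private_key_jwt");
-expect(provider.checks).toEqual(["state"]);
+expect(provider.checks).toEqual(["state", "nonce"]);
 });
 });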

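--- a/src/app/api/auth/[...nextauth]/provider.ts
+++ b/src/app/api/auth/[...nextauth]/provider.ts
@@ -27,7 +27,7 @@ const NHSLoginAuthProvider = async (): Promise<OIDCConfig<Profile>> => {
 userinfo_signed_response_alg: "RS512",
 },
 idToken: true,
-checks: ["state"],
+checks: ["state", "nonce"],
 };
 };
 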
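Review bot: The new `checks: ["state", "nonce"]` entry at line 30 carries no comment recording that NHS login now mandates the nonce, so a later cleanup could drop it without any test other than the exact-array assertion flagging why it matters; a one-line comment such as `// NHS login requires a nonce; Next-Auth compares it against the ID token's nonce claim` would pin the reason next to the setting. The nonce comparison only has value if the ID token itself is validated, which `idToken: true` on the preceding line appears to enable — that is inferred from Next-Auth's provider contract rather than from anything visible in the hunk, so worth confirming. If NHS login also supports PKCE, adding `"pkce"` alongside `"state"` and `"nonce"` would further bind the authorization code to this client, but that depends on provider support not shown here. The enclosing NHSLoginAuthProvider function begins before the hunk.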
