From f9c919a2ace853c8d4a3abefd1554cb69da54062 Mon Sep 17 00:00:00 2001
From: Matthieu Lamalle
Date: Thu, 2 Mar 2023 15:07:02 +0100
Subject: [PATCH] Ajout du nonce au login
---
 client.go | 4 +++-
 middleware.go | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/client.go b/client.go
index 7f11e7e..f856c0b 100644
--- a/client.go
+++ b/client.go
@@ -37,15 +37,17 @@ func (c *Client) Login(w http.ResponseWriter, r *http.Request) {
 }
 state := uniuri.New()
+ nonce := uniuri.New()
 sess.Set(SessionOIDCStateKey, state)
+ sess.Set(SessionOIDCNonceKey, nonce)
 if err := sess.Save(w, r); err != nil {
 panic(errors.Wrap(err, "could not save session"))
 }
 authCodeOptions := []oauth2.AuthCodeOption{}
-
+ authCodeOptions = append(authCodeOptions, oidc.Nonce(nonce))
 authCodeURL := c.oauth2.AuthCodeURL(
 state,
 authCodeOptions...,
diff --git a/middleware.go b/middleware.go
index 69de8f3..20683ab 100644
--- a/middleware.go
+++ b/middleware.go
@@ -14,6 +14,7 @@ import (
 const (
 SessionIDTokenKey = "oidc-id-token"
 SessionOIDCStateKey = "oidc-state"
+ SessionOIDCNonceKey = "oidc-nonce"
 )
 func init() {
--
2.17.1
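Review bot: The nonce is saved in the session and sent with `oidc.Nonce(nonce)`, but nothing in this patch compares it with the `nonce` claim of the ID token that comes back, and without that comparison the parameter adds no replay protection. go-oidc's verifier does not check the nonce on its own, so the callback handler (not visible in this diff) should reject the token when `idToken.Nonce` differs from the value stored under `SessionOIDCNonceKey`, and then remove that key so each nonce is accepted only once. As a smaller style point, the empty slice followed by `append` can be written as `authCodeOptions := []oauth2.AuthCodeOption{oidc.Nonce(nonce)}`. Login's body starts and ends outside the hunk.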
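Review bot: The new exported constant `SessionOIDCNonceKey` has no doc comment, and its name alone does not say when the stored value is meant to be read back. A comment such as `// SessionOIDCNonceKey is the session key for the nonce sent with the authorization request, to be compared with the ID token's nonce claim on callback.` would record the intended use. The two existing keys in the same const block could be documented the same way.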