use of com.nimbusds.openid.connect.sdk.Nonce in project pac4j by pac4j.
the class OidcRedirectActionBuilder method addStateAndNonceParameters.
protected void addStateAndNonceParameters(final WebContext context, final Map<String, String> params) {
// Init state for CSRF mitigation
final State state;
if (configuration.isWithState()) {
state = new State(configuration.getStateData());
} else {
state = new State();
}
params.put(OidcConfiguration.STATE, state.getValue());
context.getSessionStore().set(context, OidcConfiguration.STATE_SESSION_ATTRIBUTE, state);
// Init nonce for replay attack mitigation
if (configuration.isUseNonce()) {
final Nonce nonce = new Nonce();
params.put(OidcConfiguration.NONCE, nonce.getValue());
context.getSessionStore().set(context, OidcConfiguration.NONCE_SESSION_ATTRIBUTE, nonce.getValue());
}
}