
Example 1 with Nonce

Use of com.nimbusds.openid.connect.sdk.Nonce in project pac4j by pac4j.

The class OidcRedirectActionBuilder, method addStateAndNonceParameters.

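protected void addStateAndNonceParameters(final WebContext context, final Map<String, String> params) {
    // Init state for CSRF mitigation
    final State state;
    if (configuration.isWithState()) {
        // State value comes from the configuration; it only mitigates CSRF
        // if that value is unpredictable for each request
        state = new State(configuration.getStateData());
    } else {
        // No-argument constructor: the library generates a random value
        state = new State();
    }
    params.put(OidcConfiguration.STATE, state.getValue());
    // Keep the state in the session so the callback can be matched against it
    context.getSessionStore().set(context, OidcConfiguration.STATE_SESSION_ATTRIBUTE, state);
    // Init nonce for replay attack mitigation
    if (configuration.isUseNonce()) {
        final Nonce nonce = new Nonce();
        params.put(OidcConfiguration.NONCE, nonce.getValue());
        // Keep the nonce in the session so the nonce claim of the returned ID token can be checked against it
        context.getSessionStore().set(context, OidcConfiguration.NONCE_SESSION_ATTRIBUTE, nonce.getValue());
    }
}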
Also used: Nonce (com.nimbusds.openid.connect.sdk.Nonce), State (com.nimbusds.oauth2.sdk.id.State)

Aggregations

State (com.nimbusds.oauth2.sdk.id.State): 1
Nonce (com.nimbusds.openid.connect.sdk.Nonce): 1