implement nonce hashing #97
Conversation
| final bytes = utf8.encode(rawNonce ?? ''); | ||
| final hashedNonce = sha256.convert(bytes).toString(); | ||
|
|
||
| if (idTokenNonce != hashedNonce) { | ||
| logAndThrow( | ||
| 'Server returned a wrong id_token nonce, might be a replay attack.', | ||
| ); |
There was a problem hiding this comment.
| final bytes = utf8.encode(rawNonce ?? ''); | |
| final hashedNonce = sha256.convert(bytes).toString(); | |
| if (idTokenNonce != hashedNonce) { | |
| logAndThrow( | |
| 'Server returned a wrong id_token nonce, might be a replay attack.', | |
| ); | |
| if (rawNonce != null) { | |
| final bytes = utf8.encode(rawNonce); | |
| final hashedNonce = sha256.convert(bytes).toString(); | |
| if (idTokenNonce != hashedNonce) { | |
| logAndThrow( | |
| 'Server returned a wrong id_token nonce, might be a replay attack.', | |
| ); | |
| } |
There was a problem hiding this comment.
I've made the change breaking because "nonce" inside the token now differs from"rawNonce". If someone for some federation reason implemented an equality check it would fail. This would be really difficult to discover. I'd rather have my code fail if I was using "getNonce()".
What do you think?
There was a problem hiding this comment.
Since we are still storing the raw nonce, the only breaking change is what's being sent in the request.
And what's sent in the request is already an implementation detail abstracted from the user (both nonce and state).
So what the user would see is just a different "look" of the nonce parameter, even if it has a special meaning in the package.
|
What I still don't understand yet is how this affects the IDP at all? does the Idp check if the value is hashed nonce and fails otherwise ? |
Implements Nonce Hashing as suggested in spec: https://openid.net/specs/openid-connect-core-1_0.html#NonceNotes
#96
Description
Type of Change