From d99625156b006736750e9cca4a56ec0a85208bb1 Mon Sep 17 00:00:00 2001
From: Ashfame
Date: Wed, 21 Sep 2022 11:42:09 +0400
Subject: [PATCH 1/2] pick up nonce correctly in authorize endpoint since it could be a POST request as well this leads to missing nonce in id_token when set by the oauth client, breaking OIDC
---
 src/OAuth2/OpenID/Controller/AuthorizeController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/OpenID/Controller/AuthorizeController.php b/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 54c5f9a63..8749c1f07 100644
--- a/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -79,7 +79,7 @@ public function validateAuthorizeRequest(RequestInterface $request, ResponseInte
 return false;
 }
- $nonce = $request->query('nonce');
+ $nonce = $request->request('nonce');
 // Validate required nonce for "id_token" and "id_token token"
 if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
From 53c0f11b5c1d6f6e152a3892d164e84d92aa2768 Mon Sep 17 00:00:00 2001
From: Ashfame
Date: Tue, 4 Oct 2022 21:46:03 +0400
Subject: [PATCH 2/2] request property doesn't work like $_REQUEST, hence pickup from $_GET with default from $_POST
---
 src/OAuth2/OpenID/Controller/AuthorizeController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/OAuth2/OpenID/Controller/AuthorizeController.php b/src/OAuth2/OpenID/Controller/AuthorizeController.php
index 8749c1f07..a1ee2ea1b 100644
--- a/src/OAuth2/OpenID/Controller/AuthorizeController.php
+++ b/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -79,7 +79,7 @@ public function validateAuthorizeRequest(RequestInterface $request, ResponseInte
 return false;
 }
- $nonce = $request->request('nonce');
+ $nonce = $request->query('nonce', $request->request('nonce'));
 // Validate required nonce for "id_token" and "id_token token"
 if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {
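Review bot: The new lookup `$request->query('nonce', $request->request('nonce'))` gives the query string precedence over the form body, so on a POST authorization request a `nonce` present in the endpoint URL silently replaces the one submitted in the body; if `query()` falls back to its default only when the key is absent (not visible here), an empty `?nonce=` would also mask a valid body value and trip the `!$nonce` check that follows. Because the nonce is copied into the id_token and is what the client relies on to tie the token to its own request, the precedence deserves a comment, for example `// OIDC allows GET and POST here; a query-string nonce wins over a body one`, and should match how the other authorize parameters are read. Nothing in the hunk checks that the value is a string, so an array-shaped parameter may reach the later code unchanged; `if ($nonce !== null && !is_string($nonce)) { $nonce = null; }` right after the assignment would reject it. validateAuthorizeRequest starts and ends outside the hunk, and the series adds no test for a POST request carrying a nonce.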