bshaffer · ashfame · Sep 21, 2022 · Oct 4, 2022
diff --git a/src/OAuth2/OpenID/Controller/AuthorizeController.php b/src/OAuth2/OpenID/Controller/AuthorizeController.php
@@ -79,7 +79,7 @@ public function validateAuthorizeRequest(RequestInterface $request, ResponseInte
             return false;
         }
 
-        $nonce = $request->query('nonce');
+        $nonce = $request->query('nonce', $request->request('nonce'));
 
         // Validate required nonce for "id_token" and "id_token token"
         if (!$nonce && in_array($this->getResponseType(), array(self::RESPONSE_TYPE_ID_TOKEN, self::RESPONSE_TYPE_ID_TOKEN_TOKEN))) {