disableNonceCheck always leads to an error #1210

@ssaip

On version 13.0.1

Current behavior
Passing { disableNonceCheck: true } to tryLoginCodeFlow (or other calling methods) will always result in Promise.reject().

The method is as follows:

if (!options.disableNonceCheck) { ... }
return Promise.reject();

Therefore, it will always result in an error.

Expected behavior
Code should probably be something like:

        if (!options.disableNonceCheck) {
            if (!nonceInState) {
                this.saveRequestedRoute();
                return Promise.resolve();
            }
            if (!options.disableOAuth2StateCheck) {
                const success = this.validateNonce(nonceInState);
                if (!success) {
                    const event = new OAuthErrorEvent('invalid_nonce_in_state', null);
                    this.eventsSubject.next(event);
                    return Promise.reject(event);
                }
            }
        }
        this.storeSessionState(sessionState);
        if (code) {
            await this.getTokenFromCode(code, options);
            this.restoreRequestedRoute();
            return Promise.resolve();
        }
        else {
            return Promise.resolve();
        }
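
The two control-flow shapes quoted in this issue, as an added example that is not part of the original post or the library's own code: a synchronous JavaScript model that records which calls each flag combination reaches for a callback whose nonce fails validation. The function names, outcome strings and sample input are assumptions, and the `{ ... }` block elided in the issue is left opaque.

```javascript
// Added model, not library code. `reportedShape`, `proposedShape` and the outcome
// strings are hypothetical names; the constructed boolean `nonceValid` stands in
// for the result of validateNonce().
function reportedShape(options) {
  if (!options.disableNonceCheck) return 'enters-elided-block'; // body is "..." on the page
  return 'reject'; // the only path left when disableNonceCheck is true
}

// Shape quoted under "Expected behavior"; side effects are recorded in `calls`.
function proposedShape(options, input) {
  const calls = [];
  if (!options.disableNonceCheck) {
    if (!input.nonceInState) {
      calls.push('saveRequestedRoute');
      return { outcome: 'resolve', calls };
    }
    if (!options.disableOAuth2StateCheck) {
      calls.push('validateNonce');
      if (!input.nonceValid) return { outcome: 'reject:invalid_nonce_in_state', calls };
    }
  }
  calls.push('storeSessionState');
  if (input.code) calls.push('getTokenFromCode', 'restoreRequestedRoute');
  return { outcome: 'resolve', calls };
}

// Run every flag combination against one constructed callback whose nonce would
// fail validation, and record which combinations still reach the token exchange.
function flagMatrix() {
  const input = { nonceInState: 'constructed-nonce', nonceValid: false, code: 'constructed-code' };
  const rows = [];
  for (const disableNonceCheck of [false, true]) {
    for (const disableOAuth2StateCheck of [false, true]) {
      const options = { disableNonceCheck, disableOAuth2StateCheck };
      const { outcome, calls } = proposedShape(options, input);
      rows.push({
        ...options,
        reported: reportedShape(options),
        proposed: outcome,
        validated: calls.includes('validateNonce'),
        tokenExchange: calls.includes('getTokenFromCode'),
      });
    }
  }
  return rows;
}

console.table(flagMatrix());
```

In the proposed shape, `validateNonce` runs only when both flags are false, so `disableNonceCheck: true` skips it regardless of `disableOAuth2StateCheck`.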

Labels: bug
