From e238ccf88ac6ae959dc5b9a4ddc0363a681941de Mon Sep 17 00:00:00 2001
From: kaiyou <pierre@jaury.eu>
Date: Mon, 4 Nov 2019 21:42:55 +0100
Subject: [PATCH] Be more lax with nonces

---
 hiboo/sso/oidc.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/hiboo/sso/oidc.py b/hiboo/sso/oidc.py
index eb7f944b..4531dfab 100644
--- a/hiboo/sso/oidc.py
+++ b/hiboo/sso/oidc.py
@@ -69,7 +69,7 @@ class Client(models.db.Model, models_oauth2.OAuth2ClientMixin):
             app=flask.current_app
         )
         self.authorization.register_grant(
-            AuthorizationCodeGrant, [OpenIDCode(required_nonce=True)]
+            AuthorizationCodeGrant, [OpenIDCode(required_nonce=False)]
         )
 
     def query_client(self, client_id):
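Review bot: Passing `required_nonce=False` in the `register_grant` call relaxes nonce enforcement for every client served by this authorization server, not only for the relying parties that cannot send one. The nonce is what lets a relying party bind an ID token to the authentication request it issued, so requests that omit it lose that replay check. If only a few clients need the relaxation, a per-client decision would keep the check for the rest; the hunk shows no per-client setting for this, so one would have to be added. At minimum, record the reason next to the call, for example `# nonce is optional because some RPs never send one; this weakens ID token replay protection for them`. The enclosing method starts outside the hunk, so how the grant is otherwise configured is not visible here.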
@@ -138,8 +138,15 @@ class OpenIDCode(oidc.grants.OpenIDCode):
         }
 
     def generate_user_info(self, user, scope):
-        info = oidc.UserInfo(sub=user.uuid, name=user.username)
-        info["email"] = user.email
+        # The login attribute is not standard as per OIDC spec, but it is used
+        # by many RP.
+        info = oidc.UserInfo(
+            sub=user.uuid,
+            name=user.username,
+            prefered_username=user.username,
+            login=user.username,
+            email=user.email
+        )
         return info
 
 
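Review bot: The claim added as `prefered_username=user.username,` in `generate_user_info` is misspelled; the OIDC standard claim is `preferred_username`, so relying parties that look for the standard name will not find it. The line should read `preferred_username=user.username,`. The method also ignores its `scope` argument and returns `email` and the profile claims on every call, so a client granted only `openid` still receives the user's address. Consider adding `email` only when the `email` scope was granted (the type of `scope` is not visible in the hunk, so the exact membership test needs checking). The new comment could also say that `login` duplicates the username, so readers do not take it for a separate identifier.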
-- 
GitLab