feat: add nonce claim support to oidc server (#686)

* feat: add nonce claim support to oidc server * fix: review feedback
2026-03-06 14:52:02 +00:00 · 2026-03-04 15:34:11 +02:00
parent 0e6bcf9713
commit 6bf444010b
11 changed files with 78 additions and 36 deletions
--- a/sql/oidc_queries.sql
+++ b/sql/oidc_queries.sql
@@ -5,9 +5,10 @@ INSERT INTO "oidc_codes" (
    "scope",
    "redirect_uri",
    "client_id",
-    "expires_at"
+    "expires_at",
+    "nonce"
 ) VALUES (
-    ?, ?, ?, ?, ?, ?
+    ?, ?, ?, ?, ?, ?, ?
 )
 RETURNING *;

@@ -45,9 +46,10 @@ INSERT INTO "oidc_tokens" (
    "scope",
    "client_id",
    "token_expires_at",
-    "refresh_token_expires_at"
+    "refresh_token_expires_at",
+    "nonce"
 ) VALUES (
-    ?, ?, ?, ?, ?, ?, ?
+    ?, ?, ?, ?, ?, ?, ?, ?
 )
 RETURNING *;

@@ -72,7 +74,6 @@ WHERE "refresh_token_hash" = ?;
 SELECT * FROM "oidc_tokens"
 WHERE "sub" = ?;

-
 -- name: DeleteOidcToken :exec
 DELETE FROM "oidc_tokens"
 WHERE "access_token_hash" = ?;
--- a/sql/oidc_schemas.sql
+++ b/sql/oidc_schemas.sql
@@ -4,7 +4,8 @@ CREATE TABLE IF NOT EXISTS "oidc_codes" (
    "scope" TEXT NOT NULL,
    "redirect_uri" TEXT NOT NULL,
    "client_id" TEXT NOT NULL,
-    "expires_at" INTEGER NOT NULL
+    "expires_at" INTEGER NOT NULL,
+    "nonce" TEXT DEFAULT ""
 );

 CREATE TABLE IF NOT EXISTS "oidc_tokens" (
@@ -14,7 +15,8 @@ CREATE TABLE IF NOT EXISTS "oidc_tokens" (
    "scope" TEXT NOT NULL,
    "client_id" TEXT NOT NULL,
    "token_expires_at" INTEGER NOT NULL,
-    "refresh_token_expires_at" INTEGER NOT NULL
+    "refresh_token_expires_at" INTEGER NOT NULL,
+    "nonce" TEXT DEFAULT ""
 );

 CREATE TABLE IF NOT EXISTS "oidc_userinfo" (