some changes

src/controller/authorization.ts

@@ -220,7 +220,7 @@ export const authorization = wrap(async (req, res) => {
         data = await oauth2.model.jwt.issueIdToken(
           user,
           scope,
-          resObj.access_token as string | undefined
+          req.query.nonce as string | undefined
         );
 
         resObj = {

src/controller/tokens/authorizationCode.ts

@@ -116,11 +116,7 @@ export async function authorizationCode(
     );
 
     try {
-      respObj.id_token = await oauth2.model.jwt.issueIdToken(
-        user,
-        cleanScope,
-        respObj.access_token
-      );
+      respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope);
     } catch (err) {
       oauth2.logger.error(err);
       throw new ServerError('Failed to issue an ID token');

src/model/model.ts

@@ -316,17 +316,15 @@ export interface OAuth2UserAdapter {
 export interface JWTAdapter {
   /**
    * Issue a new ID token for user.
+   * @param user User data object obtained from the User adapter, must implement `OAuth2User` interface.
+   * @param scope String-list of scopes (usually used to determine the claims)
+   * @param nonce Cryptographic key passed to the authentication request, *must* be passed along as a claim.
    */
   issueIdToken: (
     user: OAuth2User,
     scope: string[],
-    accessToken?: string
+    nonce?: string
   ) => Promise<string>;
-
-  /**
-   * Validate an ID token
-   */
-  validateIdToken: (idToken: string) => Promise<boolean>;
 }
 
 /**
@@ -357,7 +355,19 @@ export interface OAuth2AdapterModel {
  * OAuth2 adapter
  */
 export interface OAuth2 {
+  /**
+   * Adapter for the OAuth2 data models.
+   */
   model: OAuth2AdapterModel;
+
+  /**
+   * Logger wrapper, use a logger of your choice by calling `logger.setLogger(...)`.
+   * To disable, use `logger.setLogLevel('none')`.
+   */
   logger: OAuth2Logger;
+
+  /**
+   * Render function for the OAuth2 decision page
+   */
   decision: RenderOAuth2Decision;
 }