From 071b43b29524a83c328cce7104e36c9d79057420 Mon Sep 17 00:00:00 2001
From: Evert Prants
Date: Mon, 7 Mar 2022 22:05:21 +0200
Subject: [PATCH] some changes
---
 src/controller/authorization.ts | 2 +-
 src/controller/tokens/authorizationCode.ts | 6 +-----
 src/model/model.ts | 22 ++++++++++++++++------
 3 files changed, 18 insertions(+), 12 deletions(-)
diff --git a/src/controller/authorization.ts b/src/controller/authorization.ts
index 6168421..4f5c224 100644
--- a/src/controller/authorization.ts
+++ b/src/controller/authorization.ts
@@ -220,7 +220,7 @@ export const authorization = wrap(async (req, res) => {
 data = await oauth2.model.jwt.issueIdToken(
 user,
 scope,
- resObj.access_token as string | undefined
+ req.query.nonce as string | undefined
 );
 resObj = {
diff --git a/src/controller/tokens/authorizationCode.ts b/src/controller/tokens/authorizationCode.ts
index c3b08b0..338df16 100644
--- a/src/controller/tokens/authorizationCode.ts
+++ b/src/controller/tokens/authorizationCode.ts
@@ -116,11 +116,7 @@ export async function authorizationCode(
 );
 try {
- respObj.id_token = await oauth2.model.jwt.issueIdToken(
- user,
- cleanScope,
- respObj.access_token
- );
+ respObj.id_token = await oauth2.model.jwt.issueIdToken(user, cleanScope);
 } catch (err) {
 oauth2.logger.error(err);
 throw new ServerError('Failed to issue an ID token');
diff --git a/src/model/model.ts b/src/model/model.ts
index ddbe952..e7c60ea 100644
--- a/src/model/model.ts
+++ b/src/model/model.ts
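Review bot: In src/controller/authorization.ts the new third argument `req.query.nonce as string | undefined` is only a compile-time assertion, so with an Express-style query parser a repeated or bracketed `nonce` parameter can reach `issueIdToken` as an array or object and be copied into the ID token. Narrow it at runtime before the call, e.g. `const nonce = typeof req.query.nonce === 'string' ? req.query.nonce : undefined;`, and pass `nonce`. If this branch serves the implicit response types, OpenID Connect Core makes the nonce mandatory there, so a missing value is better answered with an `invalid_request` error than with a token that lacks the claim. The handler starts and ends outside the hunk, so any earlier validation of the query is not visible here.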
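Review bot: In src/controller/tokens/authorizationCode.ts the rewritten call `issueIdToken(user, cleanScope)` passes no nonce, so an ID token issued from the code exchange will lack the `nonce` claim even when the client sent one in the authentication request. OpenID Connect Core requires the value to be echoed unchanged in that case, and clients depend on it to bind the token to their session and detect replay. The nonce would need to be stored with the authorization code when it is issued and passed here as the third argument; whether the code record already carries it cannot be seen from this hunk. The function body continues outside the hunk.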
@@ -316,17 +316,15 @@ export interface OAuth2UserAdapter {
 export interface JWTAdapter {
 /**
 * Issue a new ID token for user.
+ * @param user User data object obtained from the User adapter, must implement `OAuth2User` interface.
+ * @param scope String-list of scopes (usually used to determine the claims)
+ * @param nonce Cryptographic key passed to the authentication request, *must* be passed along as a claim.
 */
 issueIdToken: (
 user: OAuth2User,
 scope: string[],
- accessToken?: string
+ nonce?: string
 ) => Promise;
-
- /**
- * Validate an ID token
- */
- validateIdToken: (idToken: string) => Promise;
 }
 /**
@@ -357,7 +355,19 @@ export interface OAuth2AdapterModel {
 * OAuth2 adapter
 */
 export interface OAuth2 {
+ /**
+ * Adapter for the OAuth2 data models.
+ */
 model: OAuth2AdapterModel;
+
+ /**
+ * Logger wrapper, use a logger of your choice by calling `logger.setLogger(...)`.
+ * To disable, use `logger.setLogLevel('none')`.
+ */
 logger: OAuth2Logger;
+
+ /**
+ * Render function for the OAuth2 decision page
+ */
 decision: RenderOAuth2Decision;
 }
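Review bot: In the first hunk of src/model/model.ts the third parameter of `issueIdToken` changes meaning from `accessToken` to `nonce` while remaining an optional `string`, so existing adapter implementations keep type-checking and may silently treat the nonce as an access token, for example when deriving `at_hash`. The doc comment should state that this is a breaking change for adapters, or the parameter could become a named options object so that the mismatch fails at compile time. The `@param nonce` wording "Cryptographic key" is also misleading, since a nonce is an opaque client-supplied value used for replay protection; something like `@param nonce Opaque value from the authentication request; when present it must be copied unchanged into the ID token's nonce claim.` would be more accurate. With the access token no longer passed, adapters also lose the input needed for `at_hash`, which OpenID Connect Core requires when an ID token is returned together with an access token from the authorization endpoint.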