Remove nonce from Google auth URL parameters (#79)

* Remove nonce parameter from Google's auth URL There is no need for a nonce, it is not mentionned in the documentation for web / mobile apps: https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient https://developers.google.com/identity/protocols/oauth2/native-app#step-2:-send-a-request-to-googles-oauth-2.0-server * Remove comment about nonce from Google documentation * Update google.ts --------- Co-authored-by: pilcrow <[email protected]>
pilcrowonpaper · Mar 9, 2024 · 3b963ce · 3b963ce
1 parent 382e1eb
commit 3b963ce
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 4 deletions.
diff --git a/docs/pages/providers/google.md b/docs/pages/providers/google.md
@@ -4,7 +4,7 @@ title: "Google"
 
 # Google
 
-Implements OpenID Connect. By default, `nonce` is set to `_`.
+Implements OpenID Connect.
 
 For usage, see [OAuth 2.0 provider with PKCE](/guides/oauth2-pkce).
 

diff --git a/src/providers/google.ts b/src/providers/google.ts
@@ -25,13 +25,11 @@ export class Google implements OAuth2ProviderWithPKCE {
 		}
 	): Promise<URL> {
 		const scopes = options?.scopes ?? [];
-		const url = await this.client.createAuthorizationURL({
+		return await this.client.createAuthorizationURL({
 			state,
 			codeVerifier,
 			scopes: [...scopes, "openid"]
 		});
-		url.searchParams.set("nonce", "_");
-		return url;
 	}
 
 	public async validateAuthorizationCode(