From 3b963ce2f553bead435faefb70cccd96dfb0b576 Mon Sep 17 00:00:00 2001
From: Alexandre Syenchuk
Date: Sat, 9 Mar 2024 13:55:36 +0100
Subject: [PATCH] Remove nonce from Google auth URL parameters (#79)

* Remove nonce parameter from Google's auth URL
There is no need for a nonce, it is not mentionned in the documentation for web / mobile apps: https://developers.google.com/identity/protocols/oauth2/web-server#creatingclient https://developers.google.com/identity/protocols/oauth2/native-app#step-2:-send-a-request-to-googles-oauth-2.0-server
* Remove comment about nonce from Google documentation
* Update google.ts
---------
Co-authored-by: pilcrow
---
 docs/pages/providers/google.md | 2 +-
 src/providers/google.ts | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/docs/pages/providers/google.md b/docs/pages/providers/google.md
index e057edeb..01d0ca4f 100644
--- a/docs/pages/providers/google.md
+++ b/docs/pages/providers/google.md
@@ -4,7 +4,7 @@ title: "Google"
 
 # Google
 
-Implements OpenID Connect. By default, `nonce` is set to `_`.
+Implements OpenID Connect.
 
 For usage, see [OAuth 2.0 provider with PKCE](/guides/oauth2-pkce).
 
diff --git a/src/providers/google.ts b/src/providers/google.ts
index 45e748e2..2a83099a 100644
--- a/src/providers/google.ts
+++ b/src/providers/google.ts
@@ -25,13 +25,11 @@ export class Google implements OAuth2ProviderWithPKCE {
 }
 ): Promise {
 const scopes = options?.scopes ?? [];
- const url = await this.client.createAuthorizationURL({
+ return await this.client.createAuthorizationURL({
 state,
 codeVerifier,
 scopes: [...scopes, "openid"]
 });
- url.searchParams.set("nonce", "_");
- return url;
 }
 
 public async validateAuthorizationCode(
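Review bot: The new `return await this.client.createAuthorizationURL({...})` in src/providers/google.ts leaves no record that the request deliberately goes out without a `nonce` while `openid` is still appended to every scope list, so a later reader cannot tell whether the omission is intended. I would add a comment above the return, e.g. `// No nonce: authorization code flow; the request is bound by state and the PKCE codeVerifier.` The removed value was the constant `_`, identical on every request, so it presumably gave no replay protection and dropping it should not weaken anything; a caller that wants a per-request nonce can still set it on the returned URL and compare it with the ID token's `nonce` claim. As a style point, `return await` outside a `try` block is equivalent to returning the promise directly. The method's signature and the rest of the class are outside the hunk.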