Added setNonce to JwtClaims.

openid-connect-common/src/main/java/org/mitre/jwt/model/JwtClaims.java

@@ -22,6 +22,7 @@ public class JwtClaims extends ClaimSet {
 	public static final String ISSUED_AT = "iat";
 	public static final String NOT_BEFORE = "nbf";
 	public static final String EXPIRATION = "exp";
+	public static final String NONCE = "nonce";
 
 	/**
 	 * ISO8601 / RFC3339 Date Format
@@ -63,7 +64,9 @@ public class JwtClaims extends ClaimSet {
 	        	setJwtId(element.getValue().getAsString());
 	        } else if (element.getKey().equals(TYPE)) {	        	
 	        	setType(element.getValue().getAsString());
-	        } else {
+	        } else if (element.getKey().equals(NONCE)){
+	        	setType(element.getValue().getAsString());
+	        }else {
 	        	pass.add(element.getKey(), element.getValue());
 	        }
         }
@@ -184,5 +187,18 @@ public class JwtClaims extends ClaimSet {
     	setClaim(TYPE, type);
     }
     
+    /**
+     * @return the nonce
+     */
+    public String getNonce() {
+    	return getClaimAsString(NONCE);
+    }
+    
+    /**
+     * @param nonce the nonce to set
+     */
+    public void setNonce(String nonce) {
+    	setClaim(NONCE, nonce);
+    }
 
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java

@@ -106,6 +106,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 
 		String authorizationCode = parameters.get("code");
 		String redirectUri = parameters.get("redirect_uri");
+		String nonce = parameters.get("nonce");
 
 		if (authorizationCode == null) {
 			throw new OAuth2Exception("An authorization code must be supplied.");
@@ -144,9 +145,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 		OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) tokenServices.createAccessToken(new OAuth2Authentication(authorizationRequest, userAuth));
 		
 		token.getJwt().getClaims().setAudience(clientId);
-
+		
-		//TODO: need to get base url, but Utility.findBaseUrl() needs access to a request object, which we don't have
-		//See github issue #1
 		token.getJwt().getClaims().setIssuer(configBean.getIssuer());
 
 		token.getJwt().getClaims().setIssuedAt(new Date());
@@ -168,6 +167,9 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 			idToken.getClaims().setAudience(clientId);
 			idToken.getClaims().setIssuedAt(new Date());
 			idToken.getClaims().setIssuer(configBean.getIssuer());
+			if (nonce != null && nonce.length() > 0) {
+				idToken.getClaims().setNonce(nonce);
+			}
 			// TODO: expiration? other fields?
 			
 			//Sign