added cookie to response in auth filter for request objects

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java

@@ -87,7 +87,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 	public void handleAuthorizationRequest(HttpServletRequest request, HttpServletResponse response, 
 			OIDCServerConfiguration serverConfiguration) throws IOException {
 
-			Jwt jwt = createAndSignRequestJwt(request, serverConfiguration);
+			Jwt jwt = createAndSignRequestJwt(request, response, serverConfiguration);
 			
 			Map<String, String> urlVariables = new HashMap<String, String>();
 			
@@ -100,7 +100,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 			response.sendRedirect(authRequest);
 	}
 	
-	public Jwt createAndSignRequestJwt(HttpServletRequest request, OIDCServerConfiguration serverConfiguration) {
+	public Jwt createAndSignRequestJwt(HttpServletRequest request, HttpServletResponse response, OIDCServerConfiguration serverConfiguration) {
 		Jwt jwt = new Jwt();
 		JwtHeader header = jwt.getHeader();
 		JwtClaims claims = jwt.getClaims();
@@ -118,6 +118,8 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter {
 		String nonce = new BigInteger(50, new SecureRandom()).toString(16);
 		Cookie nonceCookie = new Cookie(NONCE_SIGNATURE_COOKIE_NAME, sign(signer, privateKey, nonce.getBytes()));
 		
+		response.addCookie(nonceCookie);
+		
 		claims.setClaim("nonce", nonceCookie);
 		
 		try {