Revert "added option to send skip sending nonce if desired, closes #704, closes #683,"

This reverts commit bbeaeb06e3.

Conflicts:
	openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java
	openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java

@@ -254,10 +254,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 			session.setAttribute(REDIRECT_URI_SESION_VARIABLE, redirectUri);
 
 			// this value comes back in the id token and is checked there
-			String nonce = null;
+			String nonce = createNonce(session);
-			if (serverConfig.isNonceEnabled()) {
-				nonce = createNonce(session);
-			}
 
 			// this value comes back in the auth code response
 			String state = createState(session);
@@ -565,8 +562,6 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 
 				// compare the nonce to our stored claim
 				String nonce = idClaims.getStringClaim("nonce");
-
-				if (serverConfig.isNonceEnabled()) {
 				if (Strings.isNullOrEmpty(nonce)) {
 
 					logger.error("ID token did not contain a nonce claim.");
@@ -583,13 +578,6 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
 							"Possible replay attack detected! The comparison of the nonce in the returned "
 									+ "ID Token to the session " + NONCE_SESSION_VARIABLE + " failed. Expected " + storedNonce + " got " + nonce + ".");
 				}
-				} else {
-					if (!Strings.isNullOrEmpty(nonce)) {
-						logger.error("Possible injection attack! The server returned a nonce value where none was sent or expected: " + nonce);
-						throw new AuthenticationServiceException(
-								"Possible injection attack! The server returned a nonce value where none was sent or expected: " + nonce);
-					}
-				}
 
 				// pull the subject (user id) out as a claim on the id_token
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/EncryptedAuthRequestUrlBuilder.java

@@ -68,9 +68,7 @@ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 		claims.setClaim("redirect_uri", redirectUri);
 
 		// this comes back in the id token
-		if (nonce != null) {
 		claims.setClaim("nonce", nonce);
-		}
 
 		// this comes back in the auth request return
 		claims.setClaim("state", state);

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/PlainAuthRequestUrlBuilder.java

@@ -54,9 +54,7 @@ public class PlainAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 
 			uriBuilder.addParameter("redirect_uri", redirectUri);
 
-			if (nonce != null) {
 			uriBuilder.addParameter("nonce", nonce);
-			}
 
 			uriBuilder.addParameter("state", state);
 

openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/SignedAuthRequestUrlBuilder.java

@@ -62,9 +62,7 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
 		claims.setClaim("redirect_uri", redirectUri);
 
 		// this comes back in the id token
-		if (nonce != null) {
 		claims.setClaim("nonce", nonce);
-		}
 
 		// this comes back in the auth request return
 		claims.setClaim("state", state);

openid-connect-common/src/main/java/org/mitre/openid/connect/config/ServerConfiguration.java

@@ -219,9 +219,6 @@ public class ServerConfiguration {
 		QUERY;
 	}
 
-	// do we create and send a nonce value?
-	private boolean nonceEnabled = true;
-
 	/**
 	 * @return the authorizationEndpointUri
 	 */
@@ -680,23 +677,6 @@ public class ServerConfiguration {
 	public void setUserInfoTokenMethod(UserInfoTokenMethod userInfoTokenMethod) {
 		this.userInfoTokenMethod = userInfoTokenMethod;
 	}
-
-
-	/**
-	 * @return the nonceEnabled
-	 */
-	public boolean isNonceEnabled() {
-		return nonceEnabled;
-	}
-	/**
-	 * @param nonceEnabled the nonceEnabled to set
-	 */
-	public void setNonceEnabled(boolean nonceEnabled) {
-		this.nonceEnabled = nonceEnabled;
-	}
-	/* (non-Javadoc)
-	 * @see java.lang.Object#hashCode()
-	 */
 	@Override
 	public int hashCode() {
 		final int prime = 31;
@@ -757,7 +737,6 @@ public class ServerConfiguration {
 						: introspectionEndpointUri.hashCode());
 		result = prime * result + ((issuer == null) ? 0 : issuer.hashCode());
 		result = prime * result + ((jwksUri == null) ? 0 : jwksUri.hashCode());
-		result = prime * result + (nonceEnabled ? 1231 : 1237);
 		result = prime * result
 				+ ((opPolicyUri == null) ? 0 : opPolicyUri.hashCode());
 		result = prime * result
@@ -823,10 +802,6 @@ public class ServerConfiguration {
 				* result
 				+ ((uiLocalesSupported == null) ? 0 : uiLocalesSupported
 						.hashCode());
-		result = prime
-				* result
-				+ ((userInfoTokenMethod == null) ? 0 : userInfoTokenMethod
-						.hashCode());
 		result = prime * result
 				+ ((userInfoUri == null) ? 0 : userInfoUri.hashCode());
 		result = prime
@@ -843,9 +818,6 @@ public class ServerConfiguration {
 						: userinfoSigningAlgValuesSupported.hashCode());
 		return result;
 	}
-	/* (non-Javadoc)
-	 * @see java.lang.Object#equals(java.lang.Object)
-	 */
 	@Override
 	public boolean equals(Object obj) {
 		if (this == obj) {
@@ -976,9 +948,6 @@ public class ServerConfiguration {
 		} else if (!jwksUri.equals(other.jwksUri)) {
 			return false;
 		}
-		if (nonceEnabled != other.nonceEnabled) {
-			return false;
-		}
 		if (opPolicyUri == null) {
 			if (other.opPolicyUri != null) {
 				return false;
@@ -1114,9 +1083,6 @@ public class ServerConfiguration {
 		} else if (!uiLocalesSupported.equals(other.uiLocalesSupported)) {
 			return false;
 		}
-		if (userInfoTokenMethod != other.userInfoTokenMethod) {
-			return false;
-		}
 		if (userInfoUri == null) {
 			if (other.userInfoUri != null) {
 				return false;
@@ -1151,4 +1117,5 @@ public class ServerConfiguration {
 		return true;
 	}
 
+
 }