From da17f51778a3f5b40fc601729f603fcee0d0da2a Mon Sep 17 00:00:00 2001
From: Son NK <>
Date: Thu, 1 Apr 2021 12:35:21 +0200
Subject: [PATCH] add AuthorizationCode.nonce

---
 app/models.py | 6 +++---
 app/oauth/views/authorize.py | 1 +
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/models.py b/app/models.py
index 8bbf3436..b2d2e20d 100644
--- a/app/models.py
+++ b/app/models.py
@@ -902,6 +902,8 @@ class AuthorizationCode(db.Model, ModelMixin):
 # what is the input response_type, e.g. "code", "code,id_token", ...
 response_type = db.Column(db.String(128))

+ nonce = db.Column(db.Text, nullable=True, default=None, server_default=text("NULL"))
+
 user = db.relationship(User, lazy=False)
 client = db.relationship(Client, lazy=False)

@@ -1187,9 +1189,7 @@ class ClientUser(db.Model, ModelMixin):
 db.String(128), nullable=True, default=None, server_default=text("NULL")
 )

- nonce = db.Column(
- db.Text, nullable=True, default=None, server_default=text("NULL")
- )
+ nonce = db.Column(db.Text, nullable=True, default=None, server_default=text("NULL"))

 # user can decide to send to client a default avatar
 default_avatar = db.Column(
diff --git a/app/oauth/views/authorize.py b/app/oauth/views/authorize.py
index 8ac244bc..8ad72bc3 100644
--- a/app/oauth/views/authorize.py
+++ b/app/oauth/views/authorize.py
@@ -271,6 +271,7 @@ def authorize():
 scope=scope,
 redirect_uri=redirect_uri,
 response_type=response_types_to_str(response_types),
+ nonce=nonce
 )
 db.session.add(auth_code)
 redirect_args["code"] = auth_code.code
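Review bot: The added `nonce` column on `AuthorizationCode` is a schema change, but the diffstat lists only app/models.py and app/oauth/views/authorize.py, so no migration is visible in this patch. Unless one ships separately, creating an authorization code will fail against a table that lacks the column. The column also has no comment, unlike `response_type` just above it; suggest `# OIDC nonce from the authorization request, returned in the id_token issued for this code` (purpose inferred from the name and the authorize() change, please confirm). The class body continues outside the hunk.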
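Review bot: At `nonce=nonce` the value is persisted on the authorization code, but nothing in this patch reads `AuthorizationCode.nonce` back. If the token endpoint does not already copy it into the id_token, tokens issued for the code will still lack the nonce the client sent. The assignment of `nonce` is outside the hunk; if it comes straight from the request, cap its length before storing it, since the column is an unbounded `db.Text`. Also add the trailing comma, `nonce=nonce,`, to match the preceding arguments. authorize() starts and ends outside the hunk.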