• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

malach-it / boruta_auth / 7d392f0e79f4da405dae0d84eb9d6ecbc31942f4-PR-56 / 2
79%
master: 85%

Build:
Build:
LAST BUILD BRANCH: v2-3
DEFAULT BRANCH: master
Ran 16 Dec 2025 01:11PM UTC
Files 134
Run time 6s
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

16 Dec 2025 12:38PM UTC coverage: 78.794% (-6.7%) from 85.506%
7d392f0e79f4da405dae0d84eb9d6ecbc31942f4-PR-56.2

Pull #56

github

metemaad
fix: only include nonce claim in id_token when provided in auth request

When no nonce is sent in the authorization request (nonce is nil or empty
string), the id_token should not include the nonce claim. Including an empty
nonce causes validation failures with some OIDC relying parties.

Per OIDC Core spec section 2, the nonce claim is optional and should only
be present if a nonce was sent in the authentication request.

This fixes issues with AWS ALB OIDC authentication, which does not send
a nonce parameter but validates the id_token and fails when an empty
nonce claim is present.

Changes:
- Modified maybe_put_nonce helper to skip nonce claim when nil or empty
- Added tests for nonce handling (nil, empty string, and valid nonce)
Pull Request #56: fix: only include nonce claim in id_token when provided in auth request

1464 of 1858 relevant lines covered (78.79%)

138.15 hits per line

Source Files on job 7d392f0e79f4da405dae0d84eb9d6ecbc31942f4-PR-56.2
  • Tree
  • List 134
  • Changed 9
  • Source Changed 0
  • Coverage Changed 9
Coverage ∆ File Lines Relevant Covered Missed Hits/Line
  • Back to Build 7
  • 7d392f0e on github
  • Prev Job for on fix/optional-nonce-in-id-token (#9d70b02a004282b87d14e5bfd4d37596013df0ba.1)
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2026 Coveralls, Inc