protected function AuthController::compareNonce in Auth0 Single Sign On 8

Do our one-time check against the nonce stored in session

1 call to AuthController::compareNonce()
AuthController::callback in src/Controller/AuthController.php
Handles the callback for the oauth transaction.

File

src/Controller/AuthController.php, line 148

Class

AuthController
Controller routines for auth0 authentication.

Namespace

Drupal\auth0\Controller

Code

protected function compareNonce($nonce) {
  $nonces = $this->tempStore
    ->get(AuthController::NONCE);
  if (!is_array($nonces)) {
    $this->logger
      ->error("Couldn't verify state because there was no nonce in storage");
    return FALSE;
  }
  $index = array_search($nonce, $nonces);
  if ($index !== FALSE) {
    unset($nonces[$index]);
    $this->tempStore
      ->set(AuthController::NONCE, $nonces);
    return TRUE;
  }
  $this->logger
    ->error("{$nonce} not found in: " . implode(',', $nonces));
  return FALSE;
}
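
An added example, not the module's own code: a stand-alone version of the one-time nonce check above. `NonceStore` is a hypothetical array-backed stand-in for the session temp store. It matches with `hash_equals()` instead of a loose comparison and keeps the stored nonces out of the log message.

```php
<?php
// Added example. NonceStore is a hypothetical stand-in for the session
// temp store; all values below are constructed for the demonstration.
final class NonceStore {
  private array $nonces = [];

  // Issue a fresh random nonce and remember it until it is redeemed.
  public function issue(): string {
    $nonce = bin2hex(random_bytes(16));
    $this->nonces[] = $nonce;
    return $nonce;
  }

  // Redeem a nonce exactly once: TRUE only for the first valid use.
  public function redeem($candidate): bool {
    // Query parameters can arrive as arrays (?nonce[]=x); reject non-strings.
    if (!is_string($candidate) || $candidate === '') {
      return FALSE;
    }
    $match = NULL;
    foreach ($this->nonces as $index => $stored) {
      // hash_equals() compares byte for byte, with no type juggling,
      // in time that does not depend on where the strings differ.
      if (hash_equals($stored, $candidate)) {
        $match = $index;
      }
    }
    if ($match === NULL) {
      // Log the failure without echoing the outstanding nonces.
      error_log('Nonce check failed: value not found in session storage');
      return FALSE;
    }
    // Remove the nonce so a replayed callback is rejected.
    unset($this->nonces[$match]);
    return TRUE;
  }
}

$store = new NonceStore();
$nonce = $store->issue();
var_dump($store->redeem($nonce));  // first use of an issued nonce
var_dump($store->redeem($nonce));  // replay of the same nonce
var_dump($store->redeem(['x']));   // non-string input

// array_search() compares loosely unless its third argument is TRUE, so two
// different numeric-looking strings can be treated as equal.
var_dump(array_search('0e2', ['0e1']));
var_dump(array_search('0e2', ['0e1'], TRUE));
```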