[PR #1185] [MERGED] feat: process nonce within device authorization flow #1083

Closed
opened 2026-02-04 21:15:43 +03:00 by OVERLORD · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/pocket-id/pocket-id/pull/1185
Author: @justincmoy
Created: 1/2/2026
Status: Merged
Merged: 1/4/2026
Merged by: @stonith404

Base: mainHead: device-nonce


📝 Commits (4)

  • 4daba49 Add nonce to device authorization
  • cbdea2d Add field to model
  • ecccc17 Merge branch 'main' into device-nonce
  • 43ae31e rename migrations

📊 Changes

7 files changed (+16 additions, -1 deletions)

View changed files

📝 backend/internal/dto/oidc_dto.go (+1 -0)
📝 backend/internal/model/oidc.go (+1 -0)
📝 backend/internal/service/oidc_service.go (+2 -1)
backend/resources/migrations/postgres/20260104190900_add_nonce_to_device_codes.down.sql (+1 -0)
backend/resources/migrations/postgres/20260104190900_add_nonce_to_device_codes.up.sql (+1 -0)
backend/resources/migrations/sqlite/20260104190900_add_nonce_to_device_codes.down.sql (+5 -0)
backend/resources/migrations/sqlite/20260104190900_add_nonce_to_device_codes.up.sql (+5 -0)

📄 Description

This commit:

  • Accepts a nonce within the device authorization flow
  • Stores the nonce in the database when the device code is created
  • Returns the nonce with the token once the device code is authorized

A nonce is useful in this flow to prevent token replay attacks.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/pocket-id/pocket-id/pull/1185 **Author:** [@justincmoy](https://github.com/justincmoy) **Created:** 1/2/2026 **Status:** ✅ Merged **Merged:** 1/4/2026 **Merged by:** [@stonith404](https://github.com/stonith404) **Base:** `main` ← **Head:** `device-nonce` --- ### 📝 Commits (4) - [`4daba49`](https://github.com/pocket-id/pocket-id/commit/4daba49b6cd9222675ede0ec0b4056fb40f83e3e) Add nonce to device authorization - [`cbdea2d`](https://github.com/pocket-id/pocket-id/commit/cbdea2d54772107abb0a0bc9aa2de0bd16e95f79) Add field to model - [`ecccc17`](https://github.com/pocket-id/pocket-id/commit/ecccc176feb110be84474b9413bffc2d964af3c8) Merge branch 'main' into device-nonce - [`43ae31e`](https://github.com/pocket-id/pocket-id/commit/43ae31e6bdfbb69fad875002e940abb5630a291c) rename migrations ### 📊 Changes **7 files changed** (+16 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `backend/internal/dto/oidc_dto.go` (+1 -0) 📝 `backend/internal/model/oidc.go` (+1 -0) 📝 `backend/internal/service/oidc_service.go` (+2 -1) ➕ `backend/resources/migrations/postgres/20260104190900_add_nonce_to_device_codes.down.sql` (+1 -0) ➕ `backend/resources/migrations/postgres/20260104190900_add_nonce_to_device_codes.up.sql` (+1 -0) ➕ `backend/resources/migrations/sqlite/20260104190900_add_nonce_to_device_codes.down.sql` (+5 -0) ➕ `backend/resources/migrations/sqlite/20260104190900_add_nonce_to_device_codes.up.sql` (+5 -0) </details> ### 📄 Description This commit: - Accepts a nonce within the device authorization flow - Stores the nonce in the database when the device code is created - Returns the nonce with the token once the device code is authorized A nonce is useful in this flow to prevent token replay attacks. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
OVERLORD added the pull-request label 2026-02-04 21:15:43 +03:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: starred/pocket-id#1083