moved nonce from client to auhtorization

Signed-off-by: Stephan Richter <s.richter@srsoftware.de>

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/AuthorizationService.java

@@ -8,7 +8,7 @@ import java.util.Collection;
 import java.util.Optional;
 
 public interface AuthorizationService {
-	AuthorizationService    authorize(String userId, String clientId, Collection<String> scopes, Instant expiration);
+	AuthorizationService    authorize(String userId, String clientId, Collection<String> scopes, String nonce, Instant expiration);
 	Optional<Authorization> consumeAuthorization(String authCode);
 	AuthResult	        getAuthorization(String userId, String clientId, Collection<String> scopes);
 }

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/data/Authorization.java

@@ -1,5 +1,5 @@
 /* © SRSoftware 2024 */
 package de.srsoftware.oidc.api.data;
 
-public record Authorization(String clientId, String userId, AuthorizedScopes scopes) {
+public record Authorization(String clientId, String userId, AuthorizedScopes scopes, String nonce) {
 }

de.srsoftware.oidc.api/src/main/java/de/srsoftware/oidc/api/data/Client.java

@@ -3,14 +3,12 @@ package de.srsoftware.oidc.api.data;
 
 
 import static de.srsoftware.oidc.api.Constants.*;
-import static de.srsoftware.utils.Optionals.nullable;
 
 import java.util.*;
 
 public final class Client {
 	private static System.Logger LOG = System.getLogger(Client.class.getSimpleName());
 	private final String         id, name, secret;
-	private String	             nonce = null;
 	private final Set<String> redirectUris;
 
 	public Client(String id, String name, String secret, Set<String> redirectUris) {
@@ -33,16 +31,6 @@ public final class Client {
 		return name;
 	}
 
-	public Client nonce(String newVal) {
-		nonce = newVal;
-		;
-		return this;
-	}
-
-	public Optional nonce() {
-		return nullable(nonce);
-	}
-
 	public String secret() {
 		return secret;
 	}

de.srsoftware.oidc.api/src/test/java/de/srsoftware/oidc/api/AuthServiceTest.java

@@ -26,9 +26,10 @@ public abstract class AuthServiceTest {
 		var authorizationService = authorizationService();
 		var userId1	         = uuid();
 		var expiration	         = Instant.now();
-		authorizationService.authorize(userId1, CLIENT1, SCOPES1, expiration);
-		expiration = Instant.now().plusSeconds(3600).truncatedTo(SECONDS);      // test overwrite
-		authorizationService.authorize(userId1, CLIENT1, SCOPES1, expiration);  // test overwrite
+		var nonce	         = uuid();
+		authorizationService.authorize(userId1, CLIENT1, SCOPES1, nonce, expiration);
+		expiration = Instant.now().plusSeconds(3600).truncatedTo(SECONDS);             // test overwrite
+		authorizationService.authorize(userId1, CLIENT1, SCOPES1, nonce, expiration);  // test overwrite
 		var authorization = authorizationService.getAuthorization(userId1, CLIENT1, Set.of(OPENID));
 		assertEquals(1, authorization.authorizedScopes().scopes().size());
 		assertTrue(authorization.authorizedScopes().scopes().contains(OPENID));
@@ -52,9 +53,10 @@ public abstract class AuthServiceTest {
 	public void testConsume() {
 		var authorizationService = authorizationService();
 
+		var nonce      = uuid();
 		var userId1    = uuid();
 		var expiration = Instant.now().plusSeconds(3600).truncatedTo(SECONDS);
-		authorizationService.authorize(userId1, CLIENT1, SCOPES1, expiration);
+		authorizationService.authorize(userId1, CLIENT1, SCOPES1, nonce, expiration);
 		var authResult = authorizationService.getAuthorization(userId1, CLIENT1, Set.of(OPENID));
 		var authCode   = authResult.authCode();
 		assertNotNull(authCode);
@@ -72,4 +74,6 @@ public abstract class AuthServiceTest {
 		optAuth = authorizationService.consumeAuthorization(authCode);
 		assertTrue(optAuth.isEmpty());
 	}
+
+	// TODO: test nonce passing
 }