@@ -186,32 +186,32 @@ export class ResponseValidator {
186186 }
187187 }
188188
189- protected _validateIdTokenAttributes ( response : SigninResponse , currentToken ?: string ) : void {
189+ protected _validateIdTokenAttributes ( response : SigninResponse , existingToken ?: string ) : void {
190190 const logger = this . _logger . create ( "_validateIdTokenAttributes" ) ;
191191
192192 logger . debug ( "decoding ID Token JWT" ) ;
193- const profile = JwtUtils . decode ( response . id_token ?? "" ) ;
193+ const incoming = JwtUtils . decode ( response . id_token ?? "" ) ;
194194
195- if ( ! profile . sub ) {
195+ if ( ! incoming . sub ) {
196196 logger . throw ( new Error ( "ID Token is missing a subject claim" ) ) ;
197197 }
198198
199- if ( currentToken ) {
200- const current = JwtUtils . decode ( currentToken ) ;
201- if ( current . sub !== profile . sub ) {
199+ if ( existingToken ) {
200+ const existing = JwtUtils . decode ( existingToken ) ;
201+ if ( incoming . sub !== existing . sub ) {
202202 logger . throw ( new Error ( "sub in id_token does not match current sub" ) ) ;
203203 }
204- if ( current . auth_time && current . auth_time !== profile . auth_time ) {
204+ if ( incoming . auth_time && incoming . auth_time !== existing . auth_time ) {
205205 logger . throw ( new Error ( "auth_time in id_token does not match original auth_time" ) ) ;
206206 }
207- if ( current . azp && current . azp !== profile . azp ) {
207+ if ( incoming . azp && incoming . azp !== existing . azp ) {
208208 logger . throw ( new Error ( "azp in id_token does not match original azp" ) ) ;
209209 }
210- if ( ! current . azp && profile . azp ) {
210+ if ( ! incoming . azp && existing . azp ) {
211211 logger . throw ( new Error ( "azp not in id_token, but present in original id_token" ) ) ;
212212 }
213213 }
214214
215- response . profile = profile as UserProfile ;
215+ response . profile = incoming as UserProfile ;
216216 }
217217}
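Review bot: The `auth_time` and `azp` guards on the new side now test the incoming token instead of the stored one, so this is a behaviour change bundled into what otherwise reads as a rename. With `if (incoming.auth_time && incoming.auth_time !== existing.auth_time)`, a refreshed ID token that omits `auth_time` is accepted even when the existing token carried one, whereas the old guard rejected that case. If this is intended (it appears to follow the rule for refreshed ID tokens in OpenID Connect Core section 12.2), state it above the check, e.g. `// auth_time is optional in a refreshed ID token; compare only when the incoming token carries it`, and add a test for the omitted-claim case. Both tokens come from `JwtUtils.decode` and nothing in this hunk shows signature verification, so these comparisons only bind the new token to the existing session if the caller has already validated it, which is worth confirming.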