OIDC Nonce and OAuth State Support #337
force-pushed 97a126f to 19133e8
| scopes: [String] = AuthorizationCodeAuthProvider.defaultScopes, | ||
| shouldExchangeAuthCode: Bool = false, | ||
| prompt: Prompt? = nil, | ||
| nonce: String? = nil, |
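Review bot: `nonce: String? = nil` on the initializer means a caller-supplied nonce is reused verbatim on every authorization request this provider makes, while the SDK-generated nonce is fresh per call; consider taking a provider closure (e.g. `nonceProvider: (() -> String)?`) or consuming the supplied value only once, so the same nonce can never appear in two /authorize requests.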
I'm guessing the reason we don't immediately store this in pendingNonce and instead do nonce > clientNonce > pendingNonce is that the client can use AuthorizationCodeAuthProvider multiple times?
Do we instead need to pass in some "nonceProvider"? What happens if we execute multiple auth requests with the same nonce provided by the caller?
> is that the client can use AuthorizationCodeAuthProvider multiple times?

Yes!

> Do we instead need to pass in some "nonceProvider"?

Let me add it, much better than having this nonce > clientNonce > pendingNonce within the class.

> What happens if we execute multiple auth requests with the same nonce provided by the caller?

Hmm, the SDK doesn't handle this. If the client doesn't pass the nonce it is fine, because at every call we create a new one, but if the client passes a nonce in AuthorizationCodeAuthProvider and executes multiple calls we are going to reuse the param.
Do you have any suggestions to handle this?
A provider would solve this right? As long as it generates a unique nonce every time
Made it here.
We're going to use the nonce provided on the init of AuthorizationCodeAuthProvider only once.
force-pushed 19133e8 to d07523e
force-pushed d07523e to 78a5619
mohssenfathi
left a comment
If you can, in a later PR could you update the example app with these changes?
Summary
This PR adds two complementary security mechanisms to the authorization flow: an OIDC nonce for replay attack prevention and an OAuth state parameter for CSRF protection at the callback level.
Nonce
A random nonce is now generated on every authorization request. It is sent in `/authorize` and validated after token exchange against the `nonce` claim in the returned `id_token`. Clients can supply their own nonce via `AuthorizationCodeAuthProvider(nonce:)`; if no nonce is provided, the SDK generates one automatically. Validation follows OIDC Core §3.1.3.7.
State
A random state is always generated internally and is not exposed to callers. It is sent in `/authorize` and validated on the callback before the authorization code is extracted.
Test plan
Manual
- `openid profile` scopes and `shouldExchangeAuthCode: true`
- `client.nonce` is non-nil in the completion handler
- `.nonceMismatch` or `.stateMismatch` errors
References
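The flow the Summary describes, and the once-only handling of a caller-supplied nonce that the review thread settled on, as an added, self-contained example. This is not the SDK's code: `AuthError`, `NonceProvider`, `PendingAuth`, `randomToken`, `buildAuthorizeRequest`, `extractCode` and `validateNonce` are names assumed here for illustration, the endpoint, client ID, redirect URI and `id_token` are constructed sample data, and the `id_token` is unsigned because only the nonce check is being shown. It runs offline with `swift` and Foundation.

```swift
import Foundation

// Hypothetical names (AuthError, NonceProvider, PendingAuth, the functions
// below) used to illustrate the flow; they are not the SDK's API.
enum AuthError: Error { case stateMismatch, nonceMismatch, missingCode, malformedIDToken }

func base64URLEncode(_ data: Data) -> String {
    data.base64EncodedString()
        .replacingOccurrences(of: "+", with: "-")
        .replacingOccurrences(of: "/", with: "_")
        .replacingOccurrences(of: "=", with: "")
}

func base64URLDecode(_ s: String) -> Data? {
    var b64 = s.replacingOccurrences(of: "-", with: "+").replacingOccurrences(of: "_", with: "/")
    while b64.count % 4 != 0 { b64 += "=" }
    return Data(base64Encoded: b64)
}

/// 32 bytes from the system CSPRNG, base64url encoded: used for both state and nonce.
func randomToken() -> String {
    var rng = SystemRandomNumberGenerator()
    return base64URLEncode(Data((0..<32).map { _ in UInt8.random(in: 0...255, using: &rng) }))
}

/// Returns a caller-supplied nonce at most once, then fresh random nonces, so two
/// authorization requests from the same provider never carry the same nonce.
final class NonceProvider {
    private var initialNonce: String?
    init(nonce: String? = nil) { initialNonce = nonce }
    func next() -> String {
        if let n = initialNonce { initialNonce = nil; return n }
        return randomToken()
    }
}

/// Per-request values that must be kept until the callback and token exchange.
struct PendingAuth { let state: String; let nonce: String; let url: URL }

func buildAuthorizeRequest(endpoint: String, clientID: String, redirectURI: String,
                           scopes: [String], nonces: NonceProvider) -> PendingAuth {
    let state = randomToken(), nonce = nonces.next()
    var comps = URLComponents(string: endpoint)!
    comps.queryItems = [
        URLQueryItem(name: "response_type", value: "code"),
        URLQueryItem(name: "client_id", value: clientID),
        URLQueryItem(name: "redirect_uri", value: redirectURI),
        URLQueryItem(name: "scope", value: scopes.joined(separator: " ")),
        URLQueryItem(name: "state", value: state),
        URLQueryItem(name: "nonce", value: nonce),
    ]
    return PendingAuth(state: state, nonce: nonce, url: comps.url!)
}

/// Callback step: reject a state mismatch before the code is even read.
func extractCode(from callback: URL, pending: PendingAuth) throws -> String {
    let items = URLComponents(url: callback, resolvingAgainstBaseURL: false)?.queryItems ?? []
    func value(_ name: String) -> String? { items.first { $0.name == name }?.value }
    guard value("state") == pending.state else { throw AuthError.stateMismatch }
    guard let code = value("code") else { throw AuthError.missingCode }
    return code
}

/// Post-exchange step: the id_token's nonce claim must equal the nonce we sent.
/// Signature, issuer and audience checks are assumed to have run before this.
func validateNonce(idToken: String, pending: PendingAuth) throws {
    let parts = idToken.split(separator: ".")
    guard parts.count == 3, let payload = base64URLDecode(String(parts[1])),
          let claims = try? JSONSerialization.jsonObject(with: payload) as? [String: Any]
    else { throw AuthError.malformedIDToken }
    guard let claimed = claims["nonce"] as? String, claimed == pending.nonce
    else { throw AuthError.nonceMismatch }
}

// Constructed walk-through, no network: one caller-supplied nonce, two requests.
let nonces = NonceProvider(nonce: "caller-supplied-nonce")
let first = buildAuthorizeRequest(endpoint: "https://issuer.example/authorize", clientID: "client-123",
                                  redirectURI: "myapp://callback", scopes: ["openid", "profile"], nonces: nonces)
let second = buildAuthorizeRequest(endpoint: "https://issuer.example/authorize", clientID: "client-123",
                                   redirectURI: "myapp://callback", scopes: ["openid", "profile"], nonces: nonces)
assert(first.nonce == "caller-supplied-nonce" && second.nonce != first.nonce)

// A callback carrying an attacker's state is rejected before the code is used.
let forged = URL(string: "myapp://callback?code=abc&state=attacker")!
assert((try? extractCode(from: forged, pending: first)) == nil)

// Genuine callback, then a constructed (unsigned) id_token whose nonce claim matches.
do {
    let code = try extractCode(from: URL(string: "myapp://callback?code=abc&state=\(first.state)")!, pending: first)
    let payload = try JSONSerialization.data(withJSONObject: ["sub": "user-1", "nonce": first.nonce])
    let idToken = [base64URLEncode(Data("{\"alg\":\"none\"}".utf8)), base64URLEncode(payload), "sig"].joined(separator: ".")
    try validateNonce(idToken: idToken, pending: first)
    print("code \(code) accepted; state and nonce verified")
} catch {
    print("rejected: \(error)")
}
```

The two checks sit at different points on purpose: state is compared on the callback URL before the code is read, so a forged redirect never reaches the token exchange, while the nonce can only be checked after the exchange because it lives in the `id_token`. The `NonceProvider` hands the caller's nonce out exactly once and then falls back to the CSPRNG, which is what keeps a reused `AuthorizationCodeAuthProvider` from sending the same nonce twice.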