This repository has been archived by the owner on Feb 15, 2020. It is now read-only.

nonce and state minimum length of 32 characters is not met #1

benjaminstokes opened this issue Apr 18, 2018 · 5 comments

@benjaminstokes

Ran into an issue integrating this demo application with login.gov where the state and nonce parameters are too short. Login.gov (in the integration environment) is returning error messages stating state and nonce minimum is 32 characters.

To be clear, the docs (https://developers.login.gov/oidc/#authorization) are very clear about this requirement, but this demo (and maybe others that use the mitreid-connect) is running into this scenario.

Example error message:
[screenshot of the login.gov error message; image not included in this copy]

Redirected error to my demo application from login.gov integration environment:
https://my-test-app.gov/openid_connect_login?error=invalid_request&error_description=State+is+too+short+%28minimum+is+32+characters%29+Nonce+is+too+short+%28minimum+is+32+characters%29&state=312ad7da3cc25

I think the source of this issue is how the nonce and state values are created in the mitreid-connect dependency of this demo app at these lines:

Nonce creation:
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/blob/master/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java#L677

State creation:
https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/blob/master/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java#L698

@benjaminstokes
Author

@jricher tagging you for awareness

@brodygov

Thanks for reporting this. Looks like that nonce creation function should create a 32 character nonce instead. Pull requests are welcome, of course!

@benjaminstokes
Author

@brodygov I may have some time to get a PR in.

The only information I can find about state and nonce length requirements is in the OIDC iGov profile[1] which says "Must contain a sufficient amount of entropy to avoid guessing."

Any insight on how/why the length requirement was chosen at Login.gov? That might be helpful to shape how a PR is made, i.e., to balance backward compatibility with a configuration against security by enforcing a 32-char length.

  1. https://xml2rfc.tools.ietf.org/cgi-bin/xml2rfc.cgi?Submit=Submit&format=ascii&mode=html&type=ascii&url=https://bitbucket.org/openid/igov/raw/master/openid-igov-profile.xml#rfc.section.2.1

@brodygov

I doubt there was any particularly strong reason to choose 32 characters. 16 bytes (128 bits) would match AES-128, 32 bytes (256 bits) would match AES-256.

There's also no need to preserve compatibility, since the minimum has been 32 for production for a very long time. This repo is just intended to provide an example starting point for creating a Java OIDC service provider, not to provide an official reference implementation.

@forgo

forgo commented Nov 17, 2018

On a related note, I have been using 'spring-security-oauth2', and my authorization request is automatically tacking on a state= param which is 6 characters long by default. There seems to be no straightforward way of overriding this or configuring it to be longer. I have opened up an issue with Spring, but I'm curious if anyone has any suggestions to get around this? It seems most security libraries get in your way rather than help you...

spring-attic/spring-security-oauth#1526

The 6-character setting seems to be set here, is there a way to override this?
https://github.com/spring-projects/spring-security-oauth/blob/master/spring-security-oauth2/src/main/java/org/springframework/security/oauth2/common/util/RandomValueStringGenerator.java
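Worked example, added to this thread and not code from the demo app, from mitreid-connect or from spring-security-oauth: a state/nonce generator that satisfies the 32-character minimum discussed in brodygov's comment (32 bytes = 256 bits, base64url-encoded to 43 characters), the same length check login.gov performs so a relying party can fail locally before redirecting, and a constant-time comparison of the returned state against the stored one. The `legacyStyle` line in `main` is an assumption: the rejected state in the redirect above (`312ad7da3cc25`, 13 hex digits) has the shape of a 50-bit random integer printed in hex, and the line reproduces that shape for contrast; it is not a quote of either library's code. Class and method names (`OpaqueValues`, `generate`, `meetsMinimum`, `stateMatches`) are this example's own.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

/**
 * state and nonce values sized for login.gov's documented 32-character minimum.
 * Example code added to this thread; not from the demo app or either library.
 */
public final class OpaqueValues {
    /** login.gov's minimum length for state and nonce, in characters (from the docs linked above). */
    public static final int MIN_LENGTH = 32;

    /** 32 random bytes = 256 bits, which base64url encodes to 43 characters without padding. */
    private static final int RANDOM_BYTES = 32;

    private static final SecureRandom RNG = new SecureRandom();

    private OpaqueValues() {}

    /** Fresh opaque value: 256 bits of CSPRNG output, URL-safe so it survives the redirect unchanged. */
    public static String generate() {
        byte[] buf = new byte[RANDOM_BYTES];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    /** The check login.gov applies to the incoming request; run it locally before redirecting. */
    public static boolean meetsMinimum(String value) {
        return value != null && value.length() >= MIN_LENGTH;
    }

    /** Compare the state the provider echoed back against the one saved in the session, in constant time. */
    public static boolean stateMatches(String stored, String returned) {
        if (stored == null || returned == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                     returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Assumption: the rejected value in the redirect above (312ad7da3cc25, 13 hex digits) has
        // the shape of a 50-bit random integer printed in hex. This reproduces that shape only to
        // show it fails the check; it is not a quote of the library's code.
        String legacyStyle = new BigInteger(50, RNG).toString(16);
        String fresh = generate();
        System.out.println("legacy-style state: " + legacyStyle + " (" + legacyStyle.length()
                + " chars, meets minimum: " + meetsMinimum(legacyStyle) + ")");
        System.out.println("fresh state:        " + fresh + " (" + fresh.length()
                + " chars, meets minimum: " + meetsMinimum(fresh) + ")");
        System.out.println("round trip matches: " + stateMatches(fresh, fresh));
    }
}
```

Drawing 32 bytes rather than 16 costs nothing and leaves headroom above the minimum even if a provider ever counts bytes instead of characters. For the spring-security-oauth case forgo raises, `RandomValueStringGenerator` takes a length in its constructor (and has a `setLength` setter), and since its alphabet is alphanumeric a 32-character value carries roughly 190 bits of entropy; whether the authorization-code flow lets that generator be swapped in is the subject of the linked Spring issue and is not settled by this example.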
