From b41a9ebb38163f0bd9b08ba411d31a2bb515d9ef Mon Sep 17 00:00:00 2001
From: Andrew Morgan <1342360+anoadragon453@users.noreply.github.com>
Date: Mon, 27 Jan 2025 18:39:51 +0000
Subject: [PATCH] OIDC: increase length of generated `nonce` parameter from 30->32 chars (#18109)

---
changelog.d/18109.misc | 1 +
synapse/handlers/oidc.py | 16 +++++++++++++++-
2 files changed, 16 insertions(+), 1 deletion(-)
create mode 100644 changelog.d/18109.misc

diff --git a/changelog.d/18109.misc b/changelog.d/18109.misc
new file mode 100644
index 0000000000..c310e76f78
--- /dev/null
+++ b/changelog.d/18109.misc
@@ -0,0 +1 @@
+Increase the length of the generated `nonce` parameter when perfoming OIDC logins to comply with the TI-Messenger spec.
\ No newline at end of file
diff --git a/synapse/handlers/oidc.py b/synapse/handlers/oidc.py
index 22b59829fa..701e828081 100644
--- a/synapse/handlers/oidc.py
+++ b/synapse/handlers/oidc.py
@@ -1002,7 +1002,21 @@ class OidcProvider:
 """
 state = generate_token()
- nonce = generate_token()
+
+ # Generate a nonce 32 characters long. When encoded with base64url later on,
+ # the nonce will be 43 characters when sent to the identity provider.
+ #
+ # While RFC7636 does not specify a minimum length for the `nonce`
+ # parameter, the TI-Messenger IDP_FD spec v1.7.3 does require it to be
+ # between 43 and 128 characters. This spec concerns using Matrix for
+ # communication in German healthcare.
+ #
+ # As increasing the length only strengthens security, we use this length
+ # to allow TI-Messenger deployments using Synapse to satisfy this
+ # external spec.
+ #
+ # See https://github.com/element-hq/synapse/pull/18109 for more context.
+ nonce = generate_token(length=32)
 code_verifier = ""
 if not client_redirect_url: