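--- a/lib/rodauth/features/oidc.rb
+++ b/lib/rodauth/features/oidc.rb
@@ -1,6 +1,6 @@
-# frozen-string-literal: true
+# frozen_string_literal: true
 module Rodauth
 Feature.define(:oidc, :Oidc) do
 # https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims
 OIDC_SCOPES_MAP = {
@@ -270,23 +270,25 @@
 super
 end
 end
-def validate_oauth_grant_params
+def validate_authorize_params
 return super unless (max_age = param_or_nil("max_age"))
 max_age = Integer(max_age)
 redirect_response_error("invalid_request") unless max_age.positive?
-return unless Time.now - last_account_login_at > max_age
+if Time.now - last_account_login_at > max_age
+# force user to re-login
+clear_session
+set_session_value(login_redirect_session_key, request.fullpath)
+redirect require_login_redirect
+end
-# force user to re-login
-clear_session
-set_session_value(login_redirect_session_key, request.fullpath)
-redirect require_login_redirect
+super
 end
 def require_authorizable_account
 try_prompt
 super
@@ -383,10 +385,10 @@
 create_params[oauth_grants_acr_column] = acr
 end
 super
 end
-def create_oauth_token_from_authorization_code(oauth_grant, create_params)
+def create_oauth_token_from_authorization_code(oauth_grant, create_params, *)
 create_params[oauth_tokens_nonce_column] = oauth_grant[oauth_grants_nonce_column] if oauth_grant[oauth_grants_nonce_column]
 create_params[oauth_tokens_acr_column] = oauth_grant[oauth_grants_acr_column] if oauth_grant[oauth_grants_acr_column]
 super
 end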
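Review bot: In the `validate_authorize_params` hunk, `max_age = Integer(max_age)` raises ArgumentError for a non-numeric client-supplied value, so a malformed `max_age` surfaces as an unhandled exception instead of the `invalid_request` error the following line intends for the non-positive case. Parsing with `max_age = Integer(max_age, exception: false)` and checking `redirect_response_error("invalid_request") unless max_age&.positive?` keeps every bad value on the same error path, assuming the supported Ruby floor allows the `exception:` keyword. Whether `last_account_login_at` can be nil here, which would make the `Time.now - last_account_login_at` subtraction raise, is not visible in the hunk and is worth confirming against the base feature. The method is fully contained in the hunk; the surrounding `require_authorizable_account` continues past it.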