lib/rodauth/features/oidc.rb in rodauth-oauth-1.4.0 vs lib/rodauth/features/oidc.rb in rodauth-oauth-1.5.0
- old
+ new
@@ -300,14 +300,14 @@
if (claims = param_or_nil("claims"))
# The value is a JSON object listing the requested Claims.
claims = JSON.parse(claims)
- claims.each do |_, individual_claims|
+ claims.each_value do |individual_claims|
redirect_response_error("invalid_request") unless individual_claims.is_a?(Hash)
- individual_claims.each do |_, claim|
+ individual_claims.each_value do |claim|
redirect_response_error("invalid_request") unless claim.nil? || individual_claims.is_a?(Hash)
end
end
end
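Review bot: The inner check in the new `individual_claims.each_value` loop tests `individual_claims.is_a?(Hash)` a second time instead of the member itself, so it cannot fail after the line above it and any non-nil, non-object claim value passes validation. It should read `redirect_response_error("invalid_request") unless claim.nil? || claim.is_a?(Hash)`. Switching the outer loop to `each_value` also means a `claims` parameter that parses to a JSON array now raises NoMethodError instead of being rejected, so a guard such as `redirect_response_error("invalid_request") unless claims.is_a?(Hash)` belongs right after `JSON.parse`. No rescue for `JSON::ParserError` is visible here; if none exists further out, malformed JSON in this request-controlled parameter would surface as a server error rather than `invalid_request`. The enclosing method starts and ends outside the hunk.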
@@ -417,10 +417,12 @@
clear_session
set_session_value(login_redirect_session_key, request.fullpath)
login_cookie_opts = Hash[oauth_prompt_login_cookie_options]
login_cookie_opts[:value] = "login"
- login_cookie_opts[:expires] = convert_timestamp(Time.now + oauth_prompt_login_interval) # 15 minutes
+ if oauth_prompt_login_interval
+ login_cookie_opts[:expires] = convert_timestamp(Time.now + oauth_prompt_login_interval) # 15 minutes
+ end
::Rack::Utils.set_cookie_header!(response.headers, oauth_prompt_login_cookie_key, login_cookie_opts)
redirect require_login_redirect
when "consent"
return unless request.post?
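Review bot: The new `if oauth_prompt_login_interval` guard leaves the nil case undocumented, and the trailing `# 15 minutes` comment is misleading now that the interval is configurable. With a nil interval the cookie is written without `:expires`, so it becomes a browser-session cookie and the "login" marker has no time bound. How the cookie is read back is outside this hunk; if its presence is taken as evidence that the user has just re-authenticated for `prompt=login`, an unbounded marker weakens that guarantee and the option's documentation should say so. I would replace the comment with something like `# nil interval => session cookie: the prompt=login marker is not time-limited` above the `if`. The surrounding `case` branch continues outside the hunk.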