From c77ea41af0bf1ab7d63d46b04e2f5f64eaa9d6d3 Mon Sep 17 00:00:00 2001
From: Jens L <jens@goauthentik.io>
Date: Fri, 5 Jan 2024 19:03:15 +0100
Subject: [PATCH] providers/oauth2: fix missing nonce in token endpoint not
 being saved (#8073)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
---
 authentik/providers/oauth2/views/token.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/authentik/providers/oauth2/views/token.py b/authentik/providers/oauth2/views/token.py
index b5aaf6b0d..3bf134b09 100644
--- a/authentik/providers/oauth2/views/token.py
+++ b/authentik/providers/oauth2/views/token.py
@@ -490,12 +490,13 @@ class TokenView(View):
             auth_time=self.params.authorization_code.auth_time,
             session_id=self.params.authorization_code.session_id,
         )
-        access_token.id_token = IDToken.new(
+        access_id_token = IDToken.new(
             self.provider,
             access_token,
             self.request,
         )
-        access_token.id_token.nonce = self.params.authorization_code.nonce
+        access_id_token.nonce = self.params.authorization_code.nonce
+        access_token.id_token = access_id_token
         access_token.save()
 
         response = {