Description
Is your feature request related to a problem? Please describe.
A while ago this issue was resolved: #259
I am now facing a similar problem with LinkedIn, where the ID token in the response does not contain the nonce, hence the validation fails with authlib.jose.errors.MissingClaimError: missing_claim: Missing 'nonce' claim at claims.validate(leeway=leeway) in base_client/async_openid.py when calling authorize_access_token(request).
See https://stackoverflow.com/questions/76889585/issues-with-sign-in-with-linkedin-using-openid-connect
Describe the solution you'd like
I'd like to be able to easily switch off nonce validation, similar to the Apple solution listed above, but not depending on any claims, but easily configurable with e.g. a parameter in oauth.register calls.
Describe alternatives you've considered
I tried subclassing StarletteOAuth2App to exchange AsyncOpenIDMixin with a version without nonce validation but found no way to actually get authlib to use these.
I also tried compliance_fix with register_compliance_hook('access_token_response', remove_nonce_check) but I found no way to modify the response in a way that is useful here.
Another thing I tried was an OAuth2 flow (no OIDC), but this was deprecated by LinkedIn a while ago.
I finally succeeded by setting nonce to None in this session state object: f"_state_linkedin_{request.query_params.get("state")}" but I'd rather have a switch than having to modify the session.
The best scenario would obviously be for LinkedIn to follow OIDC specifications...
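As an added illustration of the check that fails in this report and of what a per-provider switch would change: the code below is not authlib's code and not the issue author's; it is a standalone model of the ID-token claim validation around authorize_access_token, where the expected nonce comes from session state. The provider registry, the require_nonce key, the issuer and audience strings and all claim values are constructed assumptions. JWT parsing and signature verification are left out; claims are plain dicts.

```python
"""Model of the OIDC ID-token nonce check with a per-provider switch.

Added example, not authlib's code. It reproduces the behaviour described in
the issue: a nonce stored in session state at authorization time is required
in the ID token, and its absence is a missing-claim error. A hypothetical
per-provider `require_nonce` flag shows what an explicit switch would do,
and the author's workaround (nonce set to None in session state) is shown
for comparison.
"""
import time


class MissingClaimError(Exception):
    """A required claim is absent (mirrors a missing_claim error)."""


class InvalidClaimError(Exception):
    """A claim is present but has the wrong value."""


def validate_id_token_claims(claims, *, issuer, client_id, expected_nonce=None,
                             require_nonce=True, now=None, leeway=0):
    """Validate core ID-token claims against the relying party's expectations.

    expected_nonce is the value the relying party generated and stored in
    session state before redirecting to the provider. require_nonce=False is
    the hypothetical per-provider switch: the nonce is only compared when it
    is present, so a provider that omits the claim no longer fails here.
    """
    now = time.time() if now is None else now
    for claim in ("iss", "sub", "aud", "exp", "iat"):
        if claim not in claims:
            raise MissingClaimError(claim)
    if claims["iss"] != issuer:
        raise InvalidClaimError("iss")
    aud = claims["aud"]
    if isinstance(aud, str):
        aud = [aud]
    if client_id not in aud:
        raise InvalidClaimError("aud")
    if claims["exp"] + leeway < now:
        raise InvalidClaimError("exp")
    # The nonce binds this ID token to the browser session that started the
    # login. Skipping it (no expected nonce, or the switch turned off)
    # removes that replay binding; `state` still protects the redirect.
    if expected_nonce and require_nonce:
        if "nonce" not in claims:
            raise MissingClaimError("nonce")
        if claims["nonce"] != expected_nonce:
            raise InvalidClaimError("nonce")
    return claims


# Constructed provider registry (hypothetical `require_nonce` key).
PROVIDERS = {
    "standard_idp": {"issuer": "https://idp-a.example", "client_id": "app-1",
                     "require_nonce": True},
    "nonce_omitting_idp": {"issuer": "https://idp-b.example", "client_id": "app-2",
                           "require_nonce": False},
}


def check_token(provider_name, claims, session_state, now=None):
    """Return 'ok' or 'missing:<claim>' / 'invalid:<claim>' for the first failure.

    session_state stands in for the per-login state object authlib keeps
    (the place where the issue author set nonce to None).
    """
    cfg = PROVIDERS[provider_name]
    try:
        validate_id_token_claims(
            claims, issuer=cfg["issuer"], client_id=cfg["client_id"],
            expected_nonce=session_state.get("nonce"),
            require_nonce=cfg["require_nonce"], now=now)
    except MissingClaimError as exc:
        return f"missing:{exc}"
    except InvalidClaimError as exc:
        return f"invalid:{exc}"
    return "ok"


# Constructed sample claims (no real tokens involved).
NOW = 1_700_000_000
TOKEN_WITH_NONCE = {"iss": "https://idp-a.example", "sub": "user-123", "aud": "app-1",
                    "iat": NOW - 60, "exp": NOW + 3600, "nonce": "n-abc"}
TOKEN_A_NO_NONCE = {k: v for k, v in TOKEN_WITH_NONCE.items() if k != "nonce"}
TOKEN_B_NO_NONCE = {"iss": "https://idp-b.example", "sub": "user-456", "aud": "app-2",
                    "iat": NOW - 60, "exp": NOW + 3600}

if __name__ == "__main__":
    print(check_token("standard_idp", TOKEN_WITH_NONCE, {"nonce": "n-abc"}, now=NOW))
    print(check_token("standard_idp", TOKEN_A_NO_NONCE, {"nonce": "n-abc"}, now=NOW))
    print(check_token("standard_idp", TOKEN_A_NO_NONCE, {"nonce": None}, now=NOW))
    print(check_token("nonce_omitting_idp", TOKEN_B_NO_NONCE, {"nonce": "n-abc"}, now=NOW))
```

The second call reproduces the failure from the report (missing nonce claim); the third shows why the session-state workaround passes, since a falsy expected nonce skips the comparison entirely; the fourth is the explicit switch, which only affects the provider it is configured for and leaves issuer, audience and expiry checks in place.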