From e51d548995ba0ecee9cff4e4fe2ce1368d1fd5b5 Mon Sep 17 00:00:00 2001
From: Michael Jumper <mjumper@apache.org>
Date: Thu, 26 Jan 2023 11:30:51 -0800
Subject: [PATCH] GUACAMOLE-839: Ensure each NonceService instance has its own
 context (will not validate the nonces of other contexts).

---
 .../main/java/org/apache/guacamole/auth/sso/NonceService.java  | 2 --
 .../auth/openid/OpenIDAuthenticationProviderModule.java        | 3 ++-
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
index a06340653..5eb1e4b5d 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-base/src/main/java/org/apache/guacamole/auth/sso/NonceService.java
@@ -20,7 +20,6 @@
 package org.apache.guacamole.auth.sso;
 
 import com.google.inject.Inject;
-import com.google.inject.Singleton;
 import java.util.Iterator;
 import java.util.Locale;
 import java.util.Map;
@@ -30,7 +29,6 @@ import java.util.concurrent.ConcurrentHashMap;
  * Service for generating and validating single-use random tokens (nonces).
  * Each generated nonce is at least 128 bits and case-insensitive.
  */
-@Singleton
 public class NonceService {
 
     /**
diff --git a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java
index ba1bf74b3..2fce2a719 100644
--- a/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java
+++ b/extensions/guacamole-auth-sso/modules/guacamole-auth-sso-openid/src/main/java/org/apache/guacamole/auth/openid/OpenIDAuthenticationProviderModule.java
@@ -20,6 +20,7 @@
 package org.apache.guacamole.auth.openid;
 
 import com.google.inject.AbstractModule;
+import com.google.inject.Scopes;
 import org.apache.guacamole.auth.openid.conf.ConfigurationService;
 import org.apache.guacamole.auth.sso.NonceService;
 import org.apache.guacamole.auth.openid.token.TokenValidationService;
@@ -32,7 +33,7 @@ public class OpenIDAuthenticationProviderModule extends AbstractModule {
     @Override
     protected void configure() {
         bind(ConfigurationService.class);
-        bind(NonceService.class);
+        bind(NonceService.class).in(Scopes.SINGLETON);
         bind(TokenValidationService.class);
     }