From d797a5b14dbb3e5233cdbafa9eab7351811b2b3f Mon Sep 17 00:00:00 2001
From: Quentin Gliech <quenting@element.io>
Date: Wed, 7 May 2025 18:50:38 +0200
Subject: [PATCH] Explain why nonce is optional now

Co-authored-by: reivilibre <oliverw@element.io>
---
 crates/oidc-client/src/requests/authorization_code.rs | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crates/oidc-client/src/requests/authorization_code.rs b/crates/oidc-client/src/requests/authorization_code.rs
index 850813d8b..9f3b75e4c 100644
--- a/crates/oidc-client/src/requests/authorization_code.rs
+++ b/crates/oidc-client/src/requests/authorization_code.rs
@@ -191,6 +191,7 @@ pub struct AuthorizationValidationData {
     pub state: String,
 
     /// A string to mitigate replay attacks.
+    /// Used when the `openid` scope is set (and therefore we are using OpenID Connect).
     pub nonce: Option<String>,
 
     /// The URI where the end-user will be redirected after authorization.