From 91e55aeb9b15da948e154a301ac6e8982c5b67ea Mon Sep 17 00:00:00 2001
From: Ben
Date: Tue, 26 Aug 2025 20:26:11 +0800
Subject: [PATCH] Fix #5532: change the default value to true.
---
 Oqtane.Client/Modules/Admin/Users/Index.razor | 2 +-
 .../Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/Oqtane.Client/Modules/Admin/Users/Index.razor b/Oqtane.Client/Modules/Admin/Users/Index.razor
index 97bbdebe..fa3dccf3 100644
--- a/Oqtane.Client/Modules/Admin/Users/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Index.razor
@@ -656,7 +656,7 @@ else
 _synchronizeroles = SettingService.GetSetting(settings, "ExternalLogin:SynchronizeRoles", "false");
 _profileclaimtypes = SettingService.GetSetting(settings, "ExternalLogin:ProfileClaimTypes", "");
 _savetokens = SettingService.GetSetting(settings, "ExternalLogin:SaveTokens", "false");
- _requirenonce = SettingService.GetSetting(settings, "ExternalLogin:RequireNonce", "false");
+ _requirenonce = SettingService.GetSetting(settings, "ExternalLogin:RequireNonce", "true");
 _domainfilter = SettingService.GetSetting(settings, "ExternalLogin:DomainFilter", "");
 _createusers = SettingService.GetSetting(settings, "ExternalLogin:CreateUsers", "true");
 _verifyusers = SettingService.GetSetting(settings, "ExternalLogin:VerifyUsers", "true");
diff --git a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
index 6f6651e3..3bdc49c4 100644
--- a/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
+++ b/Oqtane.Server/Extensions/OqtaneSiteAuthenticationBuilderExtensions.cs
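Review bot: The new `"true"` fallback on the `_requirenonce` line in Index.razor only takes effect when no `ExternalLogin:RequireNonce` value is stored, so a site that already has `"false"` persisted would presumably keep nonce validation off after upgrading. Whether saving this page under the old default wrote `"false"` is not visible in the hunk, so the upgrade path is worth confirming and calling out in the release notes. The same default literal is repeated in OqtaneSiteAuthenticationBuilderExtensions.cs; a single shared constant would stop the client and server defaults from drifting apart. A short comment on the line would also record the intent, for example `// nonce validation stays on unless the site explicitly disables it`. The enclosing block starts and ends outside the hunk.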
@@ -63,7 +63,7 @@ namespace Oqtane.Extensions
 options.ResponseType = sitesettings.GetValue("ExternalLogin:AuthResponseType", "code"); // default is authorization code flow
 options.UsePkce = bool.Parse(sitesettings.GetValue("ExternalLogin:PKCE", "false"));
 options.SaveTokens = bool.Parse(sitesettings.GetValue("ExternalLogin:SaveTokens", "false"));
- options.ProtocolValidator.RequireNonce = bool.Parse(sitesettings.GetValue("ExternalLogin:RequireNonce", "false")); ;
+ options.ProtocolValidator.RequireNonce = bool.Parse(sitesettings.GetValue("ExternalLogin:RequireNonce", "true")); ;
 if (!string.IsNullOrEmpty(sitesettings.GetValue("ExternalLogin:RoleClaimType", "")))
 {
 options.TokenValidationParameters.RoleClaimType = sitesettings.GetValue("ExternalLogin:RoleClaimType", "");
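Review bot: `bool.Parse` on the new `RequireNonce` line throws a `FormatException` if `GetValue` can return an empty or non-boolean stored value, so a malformed setting would break the OpenID Connect configuration instead of falling back to the secure default. Parsing defensively keeps validation on in that case and also drops the stray second `;`: `options.ProtocolValidator.RequireNonce = !bool.TryParse(sitesettings.GetValue("ExternalLogin:RequireNonce", "true"), out var requireNonce) || requireNonce;`. The `ExternalLogin:PKCE` fallback two lines above is still `"false"`, which may deserve the same review now that the nonce default is secure. The enclosing method continues outside the hunk.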