One Login url calls random uuid

src/main/java/gov/cabinetofice/gapuserservice/service/OneLoginService.java

@@ -42,10 +42,6 @@ public class OneLoginService {
     @Value("${onelogin.private-key}")
     public String privateKey;
 
-    private String nonce;
-
-    private String state;
-
     private static final String SCOPE = "openid email";
 
     private static final String VTR = "[\"Cl.Cm\"]";
@@ -153,13 +149,13 @@ public Optional<User> getUser(final String email, final String sub) {
     }
 
     public String generateNonce() {
-         nonce = UUID.randomUUID().toString();
-         return nonce;
+         return UUID.randomUUID().toString();
+
     }
 
     public String generateState() {
-        state = UUID.randomUUID().toString();
-        return state;
+        return UUID.randomUUID().toString();
+
     }
 
     public String getOneLoginAuthorizeUrl() {
@@ -168,9 +164,9 @@ public String getOneLoginAuthorizeUrl() {
                         "/authorize?response_type=code" +
                         "&scope=" + SCOPE +
                         "&client_id=" + clientId +
-                        "&state=" + nonce +
+                        "&state=" + generateState() +
                         "&redirect_uri=" + serviceRedirectUrl +
-                        "&nonce=" + state +
+                        "&nonce=" + generateNonce() +
                         "&vtr=" + VTR +
                         "&ui_locales=" + UI;
     }

src/main/java/gov/cabinetofice/gapuserservice/web/LoginControllerV2.java

@@ -68,8 +68,6 @@ public RedirectView login(final @RequestParam Optional<String> redirectUrl,
             response.addCookie(redirectUrlCookie);
 
             // TODO : Decide on where to set and evaluate nonce and state
-            final String nonce = oneLoginService.generateNonce();
-            final String state = oneLoginService.generateState();
             return new RedirectView(NOTICE_PAGE_VIEW);
         }