No error returned if no code provided on OpenID Connect token endpoint
When sending a request to OIDC token endpoint without authorization code, there is no error, and an empty session is created:
[debug] URL detected as an OpenID Connect TOKEN URL
[debug] Method client_secret_basic used
[debug] Client id e3aYtsrppyCQA3zM3CY555wVdsnzwJhT match Relying Party svc-naming-convention
Use of uninitialized value $code in concatenation (.) or string at /usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 1012.
[debug] OpenID Connect Code:
Use of uninitialized value in string eq at /usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 1038.
Use of uninitialized value in string eq at /usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 1038.
[debug] Try to get a new SSO session
[debug] Return SSO session 73a75534f99e7268a7fa89215309c86854e6e53739cb62595ad31ae9874189dd
Use of uninitialized value $user_id in concatenation (.) or string at /usr/share/perl5/Lemonldap/NG/Portal/Issuer/OpenIDConnect.pm line 1063.
[debug] Found corresponding user:
[debug] Generated access token: 9a5d034042ef861c5d4ec11ae5ef47fd1ecded1fb9ac0592d874a2d534386a8e
We must return an error if the code is not present.