I downloaded the sample ASP.NET app (https://github.com/okta/samples-aspnet/tree/master/okta-hosted-login) and configured it.
Please note that I didn’t change anything; I just followed the tutorial.
Everything works fine in Edge (i.e. I can log in without problem), but if I use the app in Chrome I get the following message:
IDX21323: RequireNonce is ‘System.Boolean’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.
This seems to be a “bug” introduced after Chrome 80.
I already searched the web, but the only solution that works for me is to disable a flag in Chrome:
This is obviously not acceptable for a productive web app with a lot of users.
Other solutions, like intercepting the error and performing some redirect, are not working for me.
Can you please help?