[Asp.net] IDX21323 on Chrome

I downloaded the sample ASP.NET app (https://github.com/okta/samples-aspnet/tree/master/okta-hosted-login) and configured it.

Please note that I didn’t change anything; I just followed the tutorial.

Everything works fine in Edge (i.e. I can log in without problem), but if I use the app in Chrome I get the following message:

IDX21323: RequireNonce is ‘System.Boolean’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.

This seems to be a “bug” introduced after Chrome 80.

I already searched the web but the only solution that works for me is to disable a flag in Chrome:

This is obviously not acceptable for a productive web app with a lot of users.

Other solutions, like intercepting the error and performing some redirect, are not working for me.

Can you please help?

I am experiencing the same issue in Chrome.

It looks like cookies coming from the OpenID Connect login are sent without the Secure attribute.

Has anyone found a solution?
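One way to check the cookie hypothesis raised in this thread, as an added example that is not code from either poster or from the Okta sample: copy the `Set-Cookie` headers the app returns on its redirect to the login page and classify the nonce cookies by the rules Chrome 80 and later apply (a cookie with `SameSite=None` but no `Secure` is rejected; a cookie with no `SameSite` is treated as `Lax`). The `OpenIdConnect.nonce.` prefix is assumed to be the name the OWIN OpenID Connect middleware gives its nonce cookie, and the sample headers are constructed.

```python
# Added example: audit captured Set-Cookie headers for the nonce cookie.
# Assumption: the OWIN middleware names its nonce cookie "OpenIdConnect.nonce.<id>".
NONCE_PREFIX = "OpenIdConnect.nonce."

# Constructed sample headers, shaped like those seen on the redirect to the IdP.
SAMPLE_HEADERS = [
    "OpenIdConnect.nonce.EXAMPLE1=abc; path=/; expires=Thu, 01-Jan-2026 00:15:00 GMT; HttpOnly; SameSite=None",
    "OpenIdConnect.nonce.EXAMPLE2=abc; path=/; HttpOnly",
    "OpenIdConnect.nonce.EXAMPLE3=abc; path=/; secure; HttpOnly; SameSite=None",
    "ASP.NET_SessionId=xyz; path=/; HttpOnly; SameSite=Lax",
]

def parse_set_cookie(header):
    """Return (cookie name, attributes) with attribute names lower-cased."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, value = part.partition("=")
            attrs[key.strip().lower()] = value.strip()
    return name, attrs

def audit_cookie(header):
    """Classify one cookie the way Chrome 80+ handles it."""
    name, attrs = parse_set_cookie(header)
    same_site = attrs.get("samesite", "").lower()
    secure = "secure" in attrs
    if same_site == "none" and not secure:
        verdict = "rejected"          # SameSite=None requires Secure
    elif same_site not in ("none", "lax", "strict"):
        verdict = "defaults-to-lax"   # missing or unknown value is treated as Lax
    elif same_site == "none":
        verdict = "ok-cross-site"     # sent on the cross-site callback
    else:
        verdict = "same-site-only"    # explicit Lax or Strict
    return name, verdict

def audit_nonce_cookies(headers):
    """Keep only the nonce cookies and return their verdicts."""
    results = (audit_cookie(h) for h in headers)
    return [(n, v) for n, v in results if n.startswith(NONCE_PREFIX)]

if __name__ == "__main__":
    for name, verdict in audit_nonce_cookies(SAMPLE_HEADERS):
        print(f"{name}: {verdict}")
```

A `rejected` verdict means the browser never stores the nonce cookie, so the middleware has nothing to compare against the nonce in the ID token, which matches the `Nonce was null` half of the IDX21323 message.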