Authorization Code Flow: validating JWT token, nonce required

I’m using the Authorization Code Flow with the Okta Sign in Widget.

I receive a code back from a successful login, then hit the /token endpoint to swap that code for an id_token that contains the user profile claims that I need for my app.

I’m trying to validate my JWT id_token, but it’s erroring with "Nonce does not match what is expected. Make sure to provide the nonce with setNonce() from the JwtVerifierBuilder."

I’ve tried setNonce(null), but it still yells at me.

What can I do? How can I get the nonce value from the authorization code flow, in order to validate an id_token?

@kblizeck Hi, if you are not using a nonce, you can use the setNonce(null) method to skip nonce validation. Not sure what error you received after that, but you can check if this solution works for you.

I was receiving the same Nonce error I included in my original message when sending setNonce(null), that the Nonce didn’t match.

@kblizeck Can you please check the link to the solution (overrode the decode function) I attached? If that does not work for you, please open a support ticket by emailing support@okta.com with this issue. One of our Dev Support Engineers will take the case and assist you in narrowing down the cause of the issue. Thanks.

I opened a support ticket, and was able to get this resolved!

Great to know. Thanks for the update. This topic is closed.
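
How the nonce travels in the authorization code flow, as an added example that is not part of the thread and not Okta's library code: the client generates the nonce, sends it on the authorization request, and compares it with the `nonce` claim of the id_token returned by /token. The endpoint, client ID, helper names and the unsigned sample token are constructed for illustration; signature, issuer, audience and expiry checks are assumed to be done by the JWT verifier.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import urlencode


def new_nonce() -> str:
    """Per-login random value; store it server-side in the user's session."""
    return secrets.token_urlsafe(32)


def build_authorize_url(endpoint, client_id, redirect_uri, state, nonce):
    """The nonce is chosen by the client and sent on the authorization request."""
    query = urlencode({
        "response_type": "code", "scope": "openid profile",
        "client_id": client_id, "redirect_uri": redirect_uri,
        "state": state, "nonce": nonce,
    })
    return f"{endpoint}?{query}"


def id_token_claims(id_token: str) -> dict:
    """Decode the payload only. This does NOT verify the signature."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def nonce_matches(id_token: str, expected_nonce: str) -> bool:
    """True only if the token echoes the nonce stored for this login."""
    claim = id_token_claims(id_token).get("nonce")
    if not isinstance(claim, str) or not expected_nonce:
        return False  # a missing nonce is a failure when one was sent
    return hmac.compare_digest(claim.encode(), expected_nonce.encode())


def constructed_id_token(claims: dict) -> str:
    """Constructed sample token with a placeholder signature (demo only)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256'})}.{enc(claims)}.constructed-signature"


if __name__ == "__main__":
    nonce = new_nonce()
    print(build_authorize_url("https://idp.example/authorize", "placeholder-client-id",
                              "https://app.example/callback", "constructed-state", nonce))
    print(nonce_matches(constructed_id_token({"sub": "user1", "nonce": nonce}), nonce))
```
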