IDX21323: RequireNonce is System.Boolean

I am using the following example: samples-aspnet-webforms/okta-hosted-login at master · okta/samples-aspnet-webforms · GitHub

OKTA validation calls me, it validates my account, but when it directs me to the URL I get the following error: IDX21323: RequireNonce is ‘System.Boolean’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.

Do the possible solution ( Troubleshooting IDX21323: RequireNonce is ‘System.Boolean’ (okta.com)) but I still get the same error, any suggestions.

Hello,
When you test can you open the dev console window and view the network calls.
Verify that the sign-in route that redirects to /authorize sets both .NET oidc cookies,

Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8NuYH8...Sqw=N; expires=Mon, 16 May 2022 21:43:25 GMT; path=/authorization-code/callback; secure; samesite=none; httponly
Set-Cookie:
.AspNetCore.Correlation.OpenIdConnect.7bVwiH...ak0=N; expires=Mon, 16 May 2022 21:43:25 GMT; path=/authorization-code/callback; secure; samesite=none; httponly

After the /authorize call, on the redirect back to the .NET callback route verify the browser is sending both cookies,
Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8NuYH8...Sqw=N; .AspNetCore.Correlation.OpenIdConnect.7bVwiH...ak0=N

Note this is functionality of .NET, not the Okta SDK. Check how the cookies are being stored (http-only, samesite, secure, expiry time) and that they are being sent with the request callback. Sounds like they are not.

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.