IDX21323: RequireNonce is System.Boolean

elcorzo75 · May 16, 2022, 8:53pm

I am using the following example: samples-aspnet-webforms/okta-hosted-login at master · okta/samples-aspnet-webforms · GitHub

OKTA validation calls me, it validates my account, but when it directs me to the URL I get the following error: IDX21323: RequireNonce is ‘System.Boolean’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.

Do the possible solution ( Troubleshooting IDX21323: RequireNonce is ‘System.Boolean’ (okta.com)) but I still get the same error, any suggestions.

erik · May 16, 2022, 9:37pm

Hello,
When you test can you open the dev console window and view the network calls.
Verify that the sign-in route that redirects to /authorize sets both .NET oidc cookies,

Set-Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8NuYH8...Sqw=N; expires=Mon, 16 May 2022 21:43:25 GMT; path=/authorization-code/callback; secure; samesite=none; httponly
Set-Cookie:
.AspNetCore.Correlation.OpenIdConnect.7bVwiH...ak0=N; expires=Mon, 16 May 2022 21:43:25 GMT; path=/authorization-code/callback; secure; samesite=none; httponly

After the /authorize call, on the redirect back to the .NET callback route verify the browser is sending both cookies,
Cookie: .AspNetCore.OpenIdConnect.Nonce.CfDJ8NuYH8...Sqw=N; .AspNetCore.Correlation.OpenIdConnect.7bVwiH...ak0=N

Note this is functionality of .NET, not the Okta SDK. Check how the cookies are being stored (http-only, samesite, secure, expiry time) and that they are being sent with the request callback. Sounds like they are not.

system · February 12, 2024, 7:36pm

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.