I have created an ASP.NET MVC app based on the article found here: https://developer.okta.com/blog/2018/04/18/authorization-in-your-aspnet-mvc-4-application. While testing on my local machine, authentication works as I would expect. However, when I deploy my application to a staging server for testing, I get the following error:
Exception information:
Exception type: OpenIdConnectProtocolInvalidNonceException
Exception message: IDX21323: RequireNonce is ‘[PII is hidden]’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated.
This only appears to happen on the first attempt to log in. If I navigate to my login controller, all appears to be working correctly until I clear the cache and cookies.
I have looked at the request being sent to /authorization-code/callback and it appears that the nonce is provided in the token.
Could you please provide any advice on where I would begin to look to find where the differences could lie between the local environment and the staging environment?
Any assistance would be greatly appreciated.