I have create an ASPNET MVC app based on the article found here: https://developer.okta.com/blog/2018/04/18/authorization-in-your-aspnet-mvc-4-application. While testing on my local machine, authentication works as I would expect. However, when I deploy my application to a staging server for testing I get the following error:
Exception type: OpenIdConnectProtocolInvalidNonceException
Exception message: IDX21323: RequireNonce is ‘[PII is hidden]’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated.
This only appears to happen on the first attempt to login. If I navigate to my login controller, all appears to be working correctly until I clear the cache and cookies.
I have looked at the request being sent to /authorization-code/callback and it appears that the nonce in provided in the token.
Could you please provide any advise on where I would begin to look to find where the differences could lay between the local environment and the staging environment.
Any assistance would be greatly appreciated.