We are trying to implement an Okta system for our site. After setting things up, we were able to get it to work when run on localhost in VS, and it works in Firefox when deployed to one of our environments. But that environment is failing when run in Chrome when it reaches PostLogin with the following exception:
Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolInvalidNonceException: IDX21323: RequireNonce is ‘[PII of type ‘System.Boolean’ is hidden. For more details, see Bing]’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateNonce(OpenIdConnectProtocolValidationContext validationContext)
at Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolValidator.ValidateTokenResponse(OpenIdConnectProtocolValidationContext validationContext)
at Microsoft.Owin.Security.OpenIdConnect.OpenIdConnectAuthenticationHandler.d__11.MoveNext()
We have ensured our cookies set SameSite to None and Secure to true, and the nonce cookie is showing such when we look at the cookies during operation, but Chrome is still getting that error. We have also tried setting options.ProtocolValidator.RequireNonce = false; but that gets an identical error message.
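For reference, here is an OWIN Startup configuration in which both the application cookie and the OpenID Connect correlation/nonce cookies are issued as SameSite=None; Secure, with a failure hook that records which cookies actually arrived on the callback. This is an added example, not the poster's code and not an Okta sample; it assumes Microsoft.Owin 4.1 or later (where CookieSameSite, the CookieManager option and Microsoft.Owin.Host.SystemWeb.SameSiteCookieManager exist), and the Okta authority, client id and redirect URI are placeholders.

```csharp
using System;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.Owin;
using Microsoft.Owin.Host.SystemWeb;
using Microsoft.Owin.Security.Cookies;
using Microsoft.Owin.Security.OpenIdConnect;
using Owin;

public class Startup
{
    // Placeholder values (not from the original post); replace with your Okta org and app settings.
    private const string OktaAuthority = "https://YOUR-OKTA-DOMAIN/oauth2/default";
    private const string ClientId = "YOUR_CLIENT_ID";
    private const string RedirectUri = "https://YOUR-SITE/authorization-code/callback";

    public void Configuration(IAppBuilder app)
    {
        app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);

        // Assumption: Microsoft.Owin.Host.SystemWeb 4.1+. SameSiteCookieManager writes the
        // SameSite attribute through System.Web, which older OWIN/.NET combinations dropped.
        // The OIDC callback from Okta is a cross-site POST (response_mode=form_post), so any
        // nonce cookie that is not SameSite=None; Secure is withheld by Chrome; the handler then
        // sees ValidationContext.Nonce == null while the id_token still carries a nonce (IDX21323).
        var cookieManager = new SameSiteCookieManager(new SystemWebCookieManager());

        app.UseCookieAuthentication(new CookieAuthenticationOptions
        {
            AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
            CookieSameSite = SameSiteMode.None,
            CookieSecure = CookieSecureOption.Always,
            CookieManager = cookieManager,
        });

        app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
        {
            Authority = OktaAuthority,
            ClientId = ClientId,
            RedirectUri = RedirectUri,
            ResponseType = OpenIdConnectResponseType.CodeIdToken,
            ResponseMode = OpenIdConnectResponseMode.FormPost,
            Scope = "openid profile email",
            // Applies SameSite=None; Secure to the OpenIdConnect.nonce.* cookies as well.
            CookieManager = cookieManager,
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = ctx =>
                {
                    // Log which OWIN cookies reached the callback: if no OpenIdConnect.nonce.*
                    // cookie is listed, the browser dropped it and the nonce check cannot pass.
                    var cookieNames = string.Join(", ",
                        ctx.OwinContext.Request.Cookies.Select(c => c.Key));
                    System.Diagnostics.Trace.TraceError(
                        "OIDC failure: {0}; cookies on callback: [{1}]",
                        ctx.Exception.Message, cookieNames);
                    ctx.HandleResponse();
                    ctx.Response.Redirect("/Error");
                    return Task.FromResult(0);
                }
            }
        });
        // ProtocolValidator.RequireNonce is left at its default (true): as the exception text
        // itself says, a nonce present in the id_token is evaluated regardless of that flag,
        // so disabling it does not avoid the error and would weaken replay protection.
    }
}
```

When diagnosing, check in the browser's developer tools that the OpenIdConnect.nonce.* cookie is included in the request headers of the POST to the callback URL, not merely that it is present in the cookie store: the cookie being visible after the redirect to Okta says nothing about whether Chrome attached it to the cross-site response.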