Nonce is invalid in id_token

I’m writing a custom OIDC integration. For the last step, where Okta exchanges a code for a token, I’m getting the following error after responding from the /token endpoint:

com.saasure.platform.services.idp.exception.IdpAuthenticationException: Nonce is invalid in id_token

These are the claims in my jwt id token:

{
  "iat": 1712764572,
  "sub": "test@test.com",
  "jti": "8285bc11-2668-4ead-b007-495c20d522af",
  "nonce": "dRQR84bgeg1R9wxoePFaOaYsCSOIkVfr",
  "at_hash": "I1DWSlQIvpt_PJl3UqaM_w",
  "family_name": "••••",
  "given_name": "••••",
  "nbf": 1712764572,
  "exp": 1712764872,
  "iss": "Acme",
  "aud": "Acme"
}

I don’t see any reason for the nonce not to be valid, so I’m suspecting the error message is wrong. Does anyone have any idea what might be the issue with the claims?

OK I now understand that Okta expects the nonce to match the one given initially in the /auth endpoint.

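To make the resolution concrete, here is an added, self-contained illustration (not code from the thread or from Okta) of the check the relying party performs: it generates a nonce, sends it in the /authorize request, and later rejects any id_token whose nonce claim does not equal the stored value. It uses a constructed HS256 shared secret purely so the example runs offline; a real provider signs with an asymmetric key, and the issuer, audience and access token values are stand-ins.

```python
import base64, hashlib, hmac, json, secrets, time

# Constructed demo key so the example is self-contained; real OPs use RS256/ES256 keys.
SECRET = b"constructed-demo-secret"
ISSUER, CLIENT_ID = "Acme", "Acme"  # stand-in values matching the claims in the question

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def at_hash(access_token: str) -> str:
    # at_hash = base64url(left-most 128 bits of SHA-256(access_token)) for RS/HS256
    return b64url(hashlib.sha256(access_token.encode()).digest()[:16])

def build_authorize_params(session: dict) -> dict:
    """RP side, step 1: mint a nonce, remember it, and send it on the /authorize request."""
    session["nonce"] = secrets.token_urlsafe(24)
    return {"response_type": "code", "client_id": CLIENT_ID,
            "scope": "openid", "nonce": session["nonce"]}

def mint_id_token(sub: str, nonce: str, access_token: str, now: int) -> str:
    """OP side: the id_token must echo the nonce received on /authorize."""
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": sub, "nonce": nonce,
              "iat": now, "nbf": now, "exp": now + 300, "at_hash": at_hash(access_token)}
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)

def validate_id_token(token: str, session: dict, access_token: str, now: int) -> dict:
    """RP side, step 2: verify the signature, then the nonce bound to this login attempt."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    expected = hmac.new(SECRET, f"{header_b64}.{claims_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(claims_b64))
    if claims.get("iss") != ISSUER or claims.get("aud") != CLIENT_ID:
        raise ValueError("iss/aud mismatch")
    if not (claims["nbf"] <= now < claims["exp"]):
        raise ValueError("token not yet valid or expired")
    # The nonce in the token must equal the one the RP generated for /authorize, not any fresh value.
    if not hmac.compare_digest(claims.get("nonce", "").encode(), session.get("nonce", "").encode()):
        raise ValueError("Nonce is invalid in id_token")
    if claims.get("at_hash") != at_hash(access_token):
        raise ValueError("at_hash mismatch")
    return claims
```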
