Hello, I am trying to prepare our application for the upcoming Chrome 80 update, which will bring changes in SameSite cookie attribute policy (https://blog.chromium.org/2019/10/developers-get-ready-for-new.html).
I am working with an ASP.NET MVC solution with the Okta.AspNet NuGet package.
I did everything exactly as it is described in this article (https://github.com/okta/okta-aspnet/blob/master/docs/aspnet4x-mvc.md).
This works fine with these flags set to false in Firefox:
network.cookie.sameSite.laxByDefault false
network.cookie.sameSite.noneRequiresSecure false
Problems occur when I try to set them to true:
network.cookie.sameSite.laxByDefault true
network.cookie.sameSite.noneRequiresSecure true
Then I am receiving this error.
IDX21323: RequireNonce is ‘True’. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’. Note if a ‘nonce’ is found it will be evaluated.
I am not able to change OpenIdConnectProtocolValidator.RequireNonce to ‘false’.
Has anyone faced this kind of issue before? Does the current version of Okta.AspNet (v.1.4.0) support the SameSite cookie policy change?