I have the sign in widget working very well, except the token I get back is missing the nonce.
Initializing The Widget
Here is how i am initializing the widget. I even put nonce in two places to see if it would help and got no luck.
oktaSignIn = new OktaSignIn({
baseUrl: window.SAML_baseURL,
clientId: window.SAML_clientId,
redirectUri : window.SAML_redirectUri,
authParams: {
issuer: ‘default’,
responseType: [‘token’],
display: ‘page’,
nonce: saml_accessTokenNonce
},
nonce: saml_accessTokenNonce,
logo: window.SAML_firmBrandingPhoto.url
});
Parsing the redirect-uri
Here is a sample of one access token that is returned to my redirect-uri.
https:://myredirect-uri#access_token=eyJraWQiOiJxUnFOR1Y1Y01UcU0zbU1fOW9ySnNDb3VLMTIxTUFNbzZCNW8ySGk0SDlNIiwiYWxnIjoiUlMyNTYifQ.eyJ2ZXIiOjEsImp0aSI6IkFULkkxQUplWjJiX1FCSDAyT0QtdVdmMzdZcmJTd1EyZndVZndRQnhDeFB1Z28iLCJpc3MiOiJodHRwczovL2Rldi02MTcwMDIub2t0YXByZXZpZXcuY29tL29hdXRoMi9kZWZhdWx0IiwiYXVkIjoiYXBpOi8vZGVmYXVsdCIsImlhdCI6MTUzNDQ0MzAwMCwiZXhwIjoxNTM0NDQ2NjAwLCJjaWQiOiIwb2FmdnN2OXhwMlM0UVFtYTBoNyIsInVpZCI6IjAwdWZ3OXU1YzBMMnRXT0I5MGg3Iiwic2NwIjpbImVtYWlsIiwib3BlbmlkIl0sInN1YiI6ImRhdmVva3RhMTFAc3VyYWxpbmsuY29tIn0.gDsbpGj2yCbEiiC94KahK6EjWiVXQSs3wMWT_NNUEG6NUpXV0VwCSel2zl-9P0HQPGnVJgMtcbuqa12dEF0XJy9KqmxBLXDjpgq4RnA_MFSgbgpbwtRansvNiKzkmyjkkohEa1N-5De_hmou_xh0BfEjw0w9JqjafxdF5VzREXWbUnI5T0p5tlRYjA-ycVSUbZKLyHFgLN5_Fqept144lob4uoNqO6jLJypmzbhp-cWr4p_nrNoYjE3waza6jicg1zkbTGxX_S3I05rNgwIXZlakfIpiBJayEMKiQYsEEjvgMmD_QqaAPwLPnZQoTxLPpZMlZOJLoDBE2VZKuyE3RQ&token_type=Bearer&expires_in=3600&scope=email+openid&state=I3aXRSQPd8fj04LOdJTPbrnUr1uh0NLdAFCjqVvZzpOj6q6NzLA7JQQ5QRl6Y6v2
If you decode the token on https://jwt.io/ you will see that there is no nonce.
Here is how I am getting the token out of the url.
oktaSignIn.token.parseTokensFromUrl(
function success(res) {
oktaSignIn.tokenManager.add(‘my_id_token’, res);
res.session.setCookieAndRedirect(redirectUrl);
},
function error(err) {
handleError(err);
});
When I pass the token to my jwt verifier it throws ‘Nonce does not match what is expected. Make sure to provide the nonce with setNonce() from the JwtVerifierBuilder.’,
Thanks for any help or tips!