CJM
CJM

Reputation: 81

OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null - Azure AD, OpenIDConnect, C#, asp.net

For some reason I am receiving the following error after attempting to redeem my auth code for an access token:

Error: IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

I'm running on IIS Express. OWIN startup.cs as follows:

public void Configuration(IAppBuilder app)
{
    app.SetDefaultSignInAsAuthenticationType(CookieAuthenticationDefaults.AuthenticationType);
    app.UseCookieAuthentication(new CookieAuthenticationOptions());
    app.UseOpenIdConnectAuthentication(
        new OpenIdConnectAuthenticationOptions
        {
            // Sets the ClientId, authority, RedirectUri as obtained from web.config
            ClientId = clientId,
            ClientSecret = clientSecret,
            Authority = authority,
            RedirectUri = redirectUri,
            PostLogoutRedirectUri = redirectUri,
            Scope = OpenIdConnectScope.OpenIdProfile,
            RedeemCode = true,
            ResponseType = OpenIdConnectResponseType.Code,

            TokenValidationParameters = new TokenValidationParameters()
            {
                ValidateIssuer = false,
            },
            Notifications = new OpenIdConnectAuthenticationNotifications
            {
                AuthenticationFailed = OnAuthenticationFailed,
            },
        }
    );
}

As far as I am aware the middleware manages the process and I simply instruct the middleware providing a bunch of config. I would like help to understand the error and try to find a solution.

Upvotes: 0

Views: 2340

Answers (1)

CJM
CJM

Reputation: 81

Using the nuget package manager to update all related packages to the newest versions seems to have made this issue go away.

Upvotes: 0

Related Questions