Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Nonce does not match [8.2.0]

See original GitHub issue

I’m using parseHash to parse the access_token returned after logging a user in and occasionally receiving an error about the nonce not matching.

this.auth0 = new auth0.WebAuth({
      clientID: clientId,
      domain: domain,
      leeway: 60 // 1 minute leeway
    });

...

parseInfo(hash) {
    return new BluebirdPromise((resolve, reject) => {
      return this.parseHash(hash, (err, authResult) => {
        if (err) {
          return console.log(err);
        }
        const {accessToken, idToken} = authResult;

        return this.auth0.client.userInfo(accessToken, (err, profile) => {
          return resolve({profile, idToken});
        });
      });
    });
  }

...

_socialLogin(connection) {
    //redirects the call to auth0 instance
    const loginParams = {
      connection: connection,
      responseType: 'token id_token',
      redirectUri: `${Config.clientUrl}/auth/callback`,
      scope: LOGIN_TOKEN_SCOPE
    };

    this.auth0.authorize(loginParams);
  }

I’m passing window.location.hash to the parseInfo function. Is there something I’m missing based on the above configuration that might sometimes return a nonce match error?

Issue Analytics

State:
Created 7 years ago
Comments:32 (11 by maintainers)

Top GitHub Comments

15reactions

davidaschercommented, May 25, 2017

FYI: in my case, the problem was that I was calling parseHash and not specifying options (as the samples e.g. https://github.com/auth0-samples/auth0-react-samples/blob/master/01-Login/src/Auth/Auth.js#L29 do. Once I changed:

    this.auth0.parseHash((err, authResult) => {

    this.auth0.parseHash(window.location.hash, (err, authResult) => {

the nonce complaint went away.

4reactions

tdekoekkoekcommented, Jun 2, 2017

Thanks @davidascher, that fixed my problem as well. Strange though as the sample Angular 2 app on Auth0 site did not include the window.location.hash.

Top Results From Across the Web

invalid token nonce does not match - Auth0 Community

I occasionally get an invalid token error logging in with the error of nonce does not match. Today it was logging in to...

Nonce keys do not match - WordPress.org

Hi, I have just installed the plugin and started a scan, but I got the error message: Nonce keys do not match. Try...

What's the purpose of a nonce for uploads through ... - Reddit

I have a site where all users are allowed to upload images through a front end tool. The file selection tool (a file...

Brocade Fabric OS Message Reference Manual, 8.2.1 - Dell

alternative name (SAN) of the peer does not match the expected identifier for the ... A nonce is a single-use, usually random value...

ETSI TS 133 203 V8.8.0 (2010-01)

No part may be reproduced except as authorized by written permission. ... P-CSCF shall agree on security associations, which include the encryption key...