Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

disableNonceCheck always leads to an error

See original GitHub issue

on version 13.0.1

Current behavior Passing { disableNonceCheck: true } to tryLoginCodeFlow (or other calling methods) will always result in Promise.reject()

The method is as following:

if (!options.disableNonceCheck) { ... }
return Promise.reject();

therefore, it will always result in an error.

Expected behavior code should probably be something like:

        if (!options.disableNonceCheck) {
            if (!nonceInState) {
                this.saveRequestedRoute();
                return Promise.resolve();
            }
            if (!options.disableOAuth2StateCheck) {
                const success = this.validateNonce(nonceInState);
                if (!success) {
                    const event = new OAuthErrorEvent('invalid_nonce_in_state', null);
                    this.eventsSubject.next(event);
                    return Promise.reject(event);
                }
            }
        }
        this.storeSessionState(sessionState);
        if (code) {
            await this.getTokenFromCode(code, options);
            this.restoreRequestedRoute();
            return Promise.resolve();
        }
        else {
            return Promise.resolve();
        }

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:6
  • Comments:5 (2 by maintainers)

github_iconTop GitHub Comments

4reactions
ssaipcommented, Apr 23, 2022

Running into the same problem. @ssaip do you have any workaround for this issue?

We forked the project, fixed it there and build it ourselves.

There’s also an open pull request with the fix: https://github.com/manfredsteyer/angular-oauth2-oidc/pull/1211

0reactions
manfredsteyercommented, Nov 18, 2022

Thanks for pointing this out. will be fixed in the next version.

Read more comments on GitHub >

github_iconTop Results From Across the Web

OAuthService - angular-oauth2-oidc
Service for logging in and logging out with OIDC and OAuth2. Supports implicit flow and password flow. Extends. AuthConfig. Index. Properties.
Read more >
Changelog for RSVP Events - EventON - Documentation
FIXED: to show virtual info set to always does not email virtual info ... FIXED: change rsvp causing not enough space error. FIXED:...
Read more >
WordPress Shopping Cart Change Log - Tips and Tricks HQ
Added an option in the settings to disable nonce check for the add to cart button. ... Fixed a minor bug that was...
Read more >
Handbook | FortiADC 5.4.2 | Fortinet Documentation Library
Note: The default is -1, which means that the existing cache will always be used. The smaller value will be used if the...
Read more >
readme.txt - IDENTCO
Dynamics 365 Integration === Contributors: alexacrm, georgedude, wizardist Tags: contact form, CRM, dynamics crm, dynamics 365, form, integration, leads, ...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Where are versions after 12.1?

Next page

Event 'discovery_document_loaded' is triggered twice, possibly causing nonce validation to fail