error invalid_nonce_in_state

Hi,

here’s my issue. I’ve set up my angular application with angular-oauth-oidc npm package. I’ve an invalid_nonce_in_state error that I can’t fix.

Here’s the behavior. 1 - I’m loging in my application. Life time of session is around 5 minutes. 2 - I close tab in my browser which display my application and wait for more than 5 minutes so that my session is finished. 3 - I reopen a new tab ant try to get access to my application. As my token isn’t valid anymore, I get a new one however the nonce isn’t valid.

When my application start, I try to login: this.oAuthService.loadDiscoveryDocumentAndTryLogin();

As far as I can see I get a new tokens (id_token and access_token). In OAuthService.prototype.tryLogin:

var state = parts['state']; // => state = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR" var nonceInState = state; // => nonceInState = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR"

Nonce from my new token will be verified with nonce in my localStorage with OAuthService.prototype.validateNonceForAccessToken.

var savedNonce = this._storage.getItem('nonce'); // => savedNonce = "FCpDW1apX7zQTzq0PkXbE7l2wedjhZKRFnwaDHsn" if (savedNonce !== nonceInState) { var err = 'Validating access_token failed, wrong state/nonce.'; console.error(err, savedNonce, nonceInState); return false; }

Expected behavior In this process, as I’m requesting new tokens, I expected to go throw OAuthService.prototype.createAndSaveNonce so that we get a new nonce which is stored in localstorage. Like this, when we go throw OAuthService.prototype.validateNonceForAccessToken, we get the new nonce and we can check it.

May be there’s something that I haven’t understand… I’ve tried to find a solution here without success…

Thanks for your help