Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

error invalid_nonce_in_state

See original GitHub issue


here’s my issue. I’ve set up my angular application with angular-oauth-oidc npm package. I’ve an invalid_nonce_in_state error that I can’t fix.

Here’s the behavior. 1 - I’m loging in my application. Life time of session is around 5 minutes. 2 - I close tab in my browser which display my application and wait for more than 5 minutes so that my session is finished. 3 - I reopen a new tab ant try to get access to my application. As my token isn’t valid anymore, I get a new one however the nonce isn’t valid.

When my application start, I try to login: this.oAuthService.loadDiscoveryDocumentAndTryLogin();

As far as I can see I get a new tokens (id_token and access_token). In OAuthService.prototype.tryLogin:

var state = parts['state']; // => state = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR" var nonceInState = state; // => nonceInState = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR"

Nonce from my new token will be verified with nonce in my localStorage with OAuthService.prototype.validateNonceForAccessToken.

var savedNonce = this._storage.getItem('nonce'); // => savedNonce = "FCpDW1apX7zQTzq0PkXbE7l2wedjhZKRFnwaDHsn" if (savedNonce !== nonceInState) { var err = 'Validating access_token failed, wrong state/nonce.'; console.error(err, savedNonce, nonceInState); return false; }

Expected behavior In this process, as I’m requesting new tokens, I expected to go throw OAuthService.prototype.createAndSaveNonce so that we get a new nonce which is stored in localstorage. Like this, when we go throw OAuthService.prototype.validateNonceForAccessToken, we get the new nonce and we can check it.

May be there’s something that I haven’t understand… I’ve tried to find a solution here without success…

Thanks for your help

Issue Analytics

  • State:closed
  • Created 4 years ago
  • Comments:10

github_iconTop GitHub Comments

jornarecommented, Feb 21, 2020

We’re also getting this error every now and then. We have noticed at least while using Angular 9, but we may have had the issue in A8 as well. Can’t really pinpoint when it happens, it seems sort of random.

JoanGilcommented, Nov 16, 2020

I’ve experienced this same issue with Angular 10. The reason was that I tried to save some data to the sessionStorage. Removing the piece of code accessing the sessionStorage solved the issue. Maybe this can help to find the problem.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Validating access_token failed, wrong state/nonce · Issue #728
With 8.0.4, I got the same error: Validating access_token failed, wrong state/nonce as there was no nonce in local storage.
Read more >
“Invalid Nonce” Error in login/register page -
I am using your plugin and getting this error- “Invalid Nonce” while trying to login or register, from last week or so (last...
Read more >
Validate state and nonce in oidc-client - Stack Overflow
So I have debugged the code and found the questions for your answers,. The nonce value is per session or per user request?...
Read more >
Angular-oauth2-oidc: Error validating tokens. Wrong nonce.
After integrating the Angular-oauth2-oidc library in our application, we got the following error message when invoking the Implicit Flow: Error ...
Read more >
Angular UI Bug: Error Refreshing Token, Wrong State/Nonce ...
With your steps, we can reproduce the wrong state/nonce error. But after navigating to the identity server, the identity server didn't ask for ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found