error invalid_nonce_in_state
Hi,
here’s my issue. I’ve set up my angular application with angular-oauth-oidc npm package. I’ve an invalid_nonce_in_state error that I can’t fix.
Here’s the behavior:
1 - I’m logging in to my application. The lifetime of the session is around 5 minutes.
2 - I close the tab in my browser which displays my application and wait for more than 5 minutes so that my session is finished.
3 - I reopen a new tab and try to get access to my application. As my token isn’t valid anymore, I get a new one; however, the nonce isn’t valid.
When my application starts, I try to log in:
this.oAuthService.loadDiscoveryDocumentAndTryLogin();
As far as I can see, I get new tokens (id_token and access_token). In OAuthService.prototype.tryLogin:
var state = parts['state']; // => state = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR"
var nonceInState = state; // => nonceInState = "f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR"
The nonce from my new token is then verified against the nonce in my localStorage by OAuthService.prototype.validateNonceForAccessToken.
var savedNonce = this._storage.getItem('nonce'); // => savedNonce = "FCpDW1apX7zQTzq0PkXbE7l2wedjhZKRFnwaDHsn"
if (savedNonce !== nonceInState) {
    var err = 'Validating access_token failed, wrong state/nonce.';
    console.error(err, savedNonce, nonceInState);
    return false;
}
Expected behavior
In this process, as I’m requesting new tokens, I expected to go through OAuthService.prototype.createAndSaveNonce so that we get a new nonce which is stored in localStorage. That way, when we go through OAuthService.prototype.validateNonceForAccessToken, we get the new nonce and we can check it.
Maybe there’s something that I haven’t understood… I’ve tried to find a solution here without success…
Thanks for your help
Issue Analytics
- Created 4 years ago
- Comments:10
We’re also getting this error every now and then. We have noticed at least while using Angular 9, but we may have had the issue in A8 as well. Can’t really pinpoint when it happens, it seems sort of random.
I’ve experienced this same issue with Angular 10. The reason was that I tried to save some data to the sessionStorage. Removing the piece of code accessing the sessionStorage solved the issue. Maybe this can help to find the problem.
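An added example, not part of the original issue or of the library's code: a small model of the saved-nonce comparison quoted in the question, showing how the same check fails for different reasons and how to tell them apart when triaging. `beginLogin`, `checkState`, the `Map`-based storage and the single-use deletion are assumptions made for this illustration; the two nonce values are the ones from the log output in the question.

```javascript
// Added illustration, not the library's source. Browser storage is modelled
// with Map objects; beginLogin and checkState are hypothetical helper names.

// Values copied from the log output quoted in the issue.
const STATE_IN_RESPONSE = 'f9N16fCnypbhK97ewg23brqrowqkrfS5gO4J0gDR';
const NONCE_IN_STORAGE = 'FCpDW1apX7zQTzq0PkXbE7l2wedjhZKRFnwaDHsn';

// Start of a login: remember the nonce and send the same value as `state`.
function beginLogin(storage, nonce) {
  storage.set('nonce', nonce);
  return nonce;
}

// Same comparison as in the issue, but reporting why it failed.
function checkState(storage, stateFromResponse) {
  const saved = storage.get('nonce');
  if (saved === undefined) return 'no_saved_nonce';
  if (saved !== stateFromResponse) return 'nonce_mismatch';
  storage.delete('nonce'); // model choice: a nonce is accepted only once
  return 'ok';
}

function scenarios() {
  const results = {};

  // 1. One request, one response, same storage: accepted.
  const single = new Map();
  results.single = checkState(single, beginLogin(single, STATE_IN_RESPONSE));

  // 2. A second login start overwrites the saved nonce before the first
  //    response is processed. This yields the pair of values seen in the log.
  const shared = new Map();
  const firstState = beginLogin(shared, STATE_IN_RESPONSE);
  beginLogin(shared, NONCE_IN_STORAGE);
  results.overwritten = checkState(shared, firstState);

  // 3. The response is handled where the storage never saw the nonce.
  const requestSide = new Map();
  const responseSide = new Map();
  results.missing = checkState(responseSide, beginLogin(requestSide, STATE_IN_RESPONSE));

  // 4. A response that was already accepted is presented again: rejected.
  results.replayed = checkState(single, STATE_IN_RESPONSE);
  return results;
}

console.log(scenarios());
```

Logging which of the two failure reasons occurred, rather than a single "wrong state/nonce" message, separates a missing nonce from an overwritten one when the error appears intermittently.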