I’m integrating Auth0 with universal login into a ASP.Net webforms application. I followed the quick start tutorials to get started. When testing, I’m able to get the login to prompt. After entering credentials, the site calls back and then I get the following error.
After research, I’ve found this is likely due to Katana bug 197. The workaround is to implement SystemWebCookieManager. So I did and still get the same error.
This is how I have the authentication options set up :
I can see the nonce when debugging from the browser, but don’t during the call back. I see a token. Do we need a nonce at that point?
The nonce is a value that helps bind the client session (the session in your application) with the ID token that’s generated during the authentication flow. This helps prevent replay attacks.
You should be able to see the nonce value in your ID token, but not explicitly in the callback URL, like the state.