Nonce Check Fails in Firefox and Chrome but not Edge

I’ve created an ASP.NET Core web app using MVC and cookie authentication. When I use Chrome or Firefox and I log in, I get the error

OpenIdConnectProtocolInvalidNonceException: IDX10320: RequireNonce is ‘True’ but OpenIdConnectProtocolValidationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.

However, if I use Edge it logs in fine. Any idea why different browsers would produce different results?

I can provide a Fiddler trace, not sure if I’d be giving away sensitive information in it.

I worked it out. I was setting cookie policy to require consent for non-essential cookies. Because I didn’t have the consent script in my app, Chrome refused to set the nonce cookie. Edge obviously doesn’t care :wink:

I have to say I would imagine that the nonce is actually a pretty essential cookie. Is there any way to signify that fact?
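
One way to mark the nonce cookie as essential, shown as an added example that is not part of the original posts: it assumes an ASP.NET Core 2.1/2.2 `Startup` class using the `Microsoft.AspNetCore.Authentication.OpenIdConnect` handler, and the authority and client ID are placeholders. Nonce validation stays enabled; only the cookies the OpenID Connect round trip depends on are exempted from the consent gate.

```csharp
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    public void ConfigureServices(IServiceCollection services)
    {
        // Consent gate: until the user accepts, the cookie policy middleware
        // silently drops every cookie that is not flagged IsEssential.
        services.Configure<CookiePolicyOptions>(options =>
        {
            options.CheckConsentNeeded = context => true;
        });

        services.AddAuthentication(options =>
        {
            options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })
        .AddCookie(options =>
        {
            // The session cookie must also survive the consent gate.
            options.Cookie.IsEssential = true;
        })
        .AddOpenIdConnect(options =>
        {
            options.Authority = "https://YOUR_TENANT.example"; // placeholder
            options.ClientId = "YOUR_CLIENT_ID";               // placeholder

            // Written before the redirect to the identity provider and read back
            // on the callback. If either is dropped, validation fails (IDX10320
            // for the nonce) instead of the replay/CSRF check being performed.
            options.NonceCookie.IsEssential = true;
            options.CorrelationCookie.IsEssential = true;
        });

        services.AddMvc();
    }

    public void Configure(IApplicationBuilder app)
    {
        app.UseCookiePolicy();      // must run before authentication writes cookies
        app.UseAuthentication();
        app.UseMvc();
    }
}
```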
