I’ve created an ASP.NET Core web app using MVC and cookie authentication. When I use Chrome or Firefox and I login in I get the error
OpenIdConnectProtocolInvalidNonceException: IDX10320: RequireNonce is ‘True’ but OpenIdConnectProtocolValidationContext.Nonce is null. A nonce cannot be validated. If you don’t need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to ‘false’.
However, if I use Edge it logs in fine. Any idea why different browsers would produce different results?
I can provide a fiddler trace, not sure if I’d be giving away sensitive information in it.