Auth0 Home Blog Docs

Nonce mismatch in OpenID Connect Enterprise Connections

I created a new OpenID Connect provider in the “Connections > Enterprise > OpenID Connect” menu.

When I try to login using my OpenID Connect provider to an application, browser redirects back to a URL like “http://localhost:3000/callback?error=invalid_request&error_description=nonce%20mismatch&state=BVT3U3oRv…”.

This happens because,
when Auth0 redirects to the authorization endpoint of my OpenID Connect provider,
it does NOT add a nonce!
The request parameters are (from Chrome developer tools)


So my OpenID Connect provider does NOT receive the nonce, and therefor cannot put it inside the id_token, but the RP (for my OpenID Connect provider) that Auth0 is hosting is checking the nonce?!