
Nonce mismatch in OpenID Connect Enterprise Connections

I created a new OpenID Connect provider in the “Connections > Enterprise > OpenID Connect” menu.

When I try to log in to an application using my OpenID Connect provider, the browser redirects back to a URL like “http://localhost:3000/callback?error=invalid_request&error_description=nonce%20mismatch&state=BVT3U3oRv…”.

This happens because, when Auth0 redirects to the authorization endpoint of my OpenID Connect provider, it does NOT add a nonce! The request parameters are (from Chrome developer tools):

client_id={valid-client-id}&scope=openid&response_type=code&redirect_uri=https%3A%2F%2F{tenant}.eu.auth0.com%2Flogin%2Fcallback&response_mode=query&state=XFQ...

So my OpenID Connect provider does NOT receive the nonce, and therefore cannot put it inside the id_token, but the RP (for my OpenID Connect provider) that Auth0 is hosting is checking the nonce?!
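The three-party flow the post describes, as an added example that is not part of the original post and not Auth0's code. It simulates the relying party (RP) and the OpenID provider (OP) in one process: the RP mints `state` and, in a correct flow, `nonce` (OIDC Core §3.1.2.1); the OP copies the request's nonce into the ID token if one was sent (§2, ID Token); the RP then requires that claim to equal the stored value (§3.1.3.7). Running the same flow with the nonce omitted from the authorization request, as in the request shown above, produces exactly a "nonce mismatch" at the RP, because the OP had nothing to echo. Endpoints, client id and the unsigned base64url "ID token" are assumptions for offline illustration; a real ID token is a signed JWT whose signature, `iss`, `aud` and `exp` are checked before the nonce.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Hypothetical endpoints and client id, assumed for this example (not Auth0's).
OP_AUTHORIZE = "https://op.example/authorize"
OP_ISSUER = "https://op.example"
RP_CALLBACK = "https://rp.example/login/callback"
CLIENT_ID = "example-client-id"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def build_authorization_request(session: dict, send_nonce: bool = True) -> str:
    """RP side: mint `state` (ties the callback to this browser session) and,
    in a correct flow, `nonce` (ties the ID token to this login attempt).
    send_nonce=False reproduces the request quoted in the post, which has no nonce."""
    session["state"] = secrets.token_urlsafe(16)
    params = {
        "client_id": CLIENT_ID,
        "scope": "openid",
        "response_type": "code",
        "redirect_uri": RP_CALLBACK,
        "response_mode": "query",
        "state": session["state"],
    }
    if send_nonce:
        session["nonce"] = secrets.token_urlsafe(16)
        params["nonce"] = session["nonce"]
    return OP_AUTHORIZE + "?" + urlencode(params)


def op_issue_id_token(authorization_url: str, subject: str = "user-123") -> str:
    """Simulated OP: the provider copies the request's nonce into the ID token
    when one is present; if the request carried none, there is nothing to copy.
    The token is an unsigned base64url JSON payload so the example runs offline
    (assumption); a real ID token is a signed JWT."""
    query = parse_qs(urlparse(authorization_url).query)
    claims = {"iss": OP_ISSUER, "sub": subject, "aud": query["client_id"][0]}
    if "nonce" in query:
        claims["nonce"] = query["nonce"][0]
    return _b64url(json.dumps(claims).encode())


def rp_verify_nonce(id_token: str, session: dict) -> tuple[bool, str]:
    """RP side nonce check: the `nonce` claim must equal the value stored when
    the request was built. The stored value is consumed so the same ID token
    cannot be accepted twice. Signature/iss/aud/exp checks are assumed to have
    run already and are omitted here."""
    claims = json.loads(_b64url_decode(id_token))
    expected = session.pop("nonce", None)
    received = claims.get("nonce")
    if expected is None or received is None:
        return False, "nonce mismatch"
    if not hmac.compare_digest(expected.encode(), received.encode()):
        return False, "nonce mismatch"
    return True, "ok"


def run_login(send_nonce: bool) -> tuple[bool, str]:
    """End to end: RP builds the request, OP answers, RP verifies the ID token."""
    session: dict = {}
    url = build_authorization_request(session, send_nonce=send_nonce)
    id_token = op_issue_id_token(url)
    return rp_verify_nonce(id_token, session)


if __name__ == "__main__":
    print("with nonce:   ", run_login(send_nonce=True))
    print("without nonce:", run_login(send_nonce=False))
```

The check is deliberately strict in both directions: an RP that stored a nonce must see it in the token, and a token that arrives after the stored nonce has been consumed (a replay) is rejected as well. An RP that never sends a nonce has nothing to compare against, so its only consistent options are to send one or not to require one; checking a nonce it never issued can only ever fail.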