Debugging of incorrect Nonce (mixup with State) #1458
Comments
|
Here a screenshot to try and visualize what I mean by mixup:
The nonce in Session/Local-Storage (tried both ways) is this one My hair is turning grey because I am trying to find this one out for a couple of days already. |
|
I found a promising lead on Stackoverflow: https://stackoverflow.com/a/77825619 |
|
Yes, toggling the two settings on the application page fixes the issue:
|
|
Depending on the desire of the maintainer(s) I am willing to submit a PR that documents this. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
After the user has logged in the client receives the correct access token which works when being used with the backend. The library correctly reports a failing nonce check.
Stackblitz example
I don't have a Stackblitz example but here are the relevant repositories:
To Reproduce
Steps to reproduce the behavior:
testuserExpected behavior
I would expect the login to work since I can see that
Desktop (please complete the following information):
Additional context
My authentication service is taken over from the example implementation of jeroenheijmans. If the network requests are closely monitored, one can see that the library takes the nonce from the state. I don't know if this is an incorrect Casdoor behavior but in the Casdoor UI under "Tokens" I can see that the Nonce is the one that is printed in the error message. As such it seems that all data is present but somewhere there is a mixup of nonce and state. I am unsure how to debug this mixup and if this is configuration or code-related.
The text was updated successfully, but these errors were encountered: