
5n7cj (5n7cj) asked a question.
we ar eseieng the below error in the logs of the application while doing B2C login. First the application gives gateway tieout and then after page refresh it works. We have checked the logs ofthe application and found the below error.
It was running fine earlier and from the last few days this error start occuring in production. could you please provide valuable suggestion for this.
Exception: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolInvalidNonceException
Message: IDX21323: RequireNonce is 'True'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.
Plesae refer to the code which we are using in application:
protected override void ProcessCore(IdentityProvidersArgs args)
{
if (args == null) throw new ArgumentNullException("args");
// Retrieve settings
var tenant = AccountSettings.AzureB2cTenant;
var clientId = AccountSettings.AzureB2cTenantAppId;
var tenantLoginHome = AccountSettings.AzureB2cTenantLoginHomeUrl;
var policy = AccountSettings.AzureB2cSigninSignupPolicy;
var redirectUrl = AccountSettings.AzureB2cRedirectUrl;
var postLogoutRedirectUrl = AccountSettings.SiteBaseUrl;
if (string.IsNullOrEmpty(tenant) || string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(tenantLoginHome) || string.IsNullOrEmpty(policy) || string.IsNullOrEmpty(redirectUrl) || string.IsNullOrEmpty(postLogoutRedirectUrl)) throw new ConfigurationException("Missing identity configuration");
args.App.UseKentorOwinCookieSaver();
args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions
{
Caption = GetIdentityProvider().Caption,
AuthenticationType = GetAuthenticationType(),
AuthenticationMode = AuthenticationMode.Passive,
ClientId = clientId,
RedirectUri = redirectUrl,
Scope = "openid offline_access",
ResponseType = "code id_token",
PostLogoutRedirectUri = postLogoutRedirectUrl,
Authority = $"https://{tenantLoginHome}/tfp/{tenant}/{policy}/v2.0",
MetadataAddress = $"https://{tenantLoginHome}/{tenant}/v2.0/.well-known/openid-configuration?p={policy}",
UseTokenLifetime = true,
TokenValidationParameters = new TokenValidationParameters() { NameClaimType = "emails" },
Notifications = new OpenIdConnectAuthenticationNotifications
{
RedirectToIdentityProvider = notification =>
{
var stateQueryString = notification.ProtocolMessage.State.Split('=');
var protectedState = stateQueryString[1];
var state = notification.Options.StateDataFormat.Unprotect(protectedState);
var querystringCollection = HttpContext.Current.Request.Url.ParseQueryString();
if (querystringCollection["current_page"] != null)
{
state.Dictionary.Add("currentpage", querystringCollection.Get("current_page"));
}
notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);
return Task.FromResult(0);
},
SecurityTokenValidated = notification =>
{
notification.AuthenticationTicket.Identity.AddClaim(new Claim("idp", "AzureB2C"));
notification.AuthenticationTicket.Identity.ApplyClaimsTransformations(new TransformationContext(FederatedAuthenticationConfiguration, GetIdentityProvider()));
return Task.CompletedTask;
},
AuthorizationCodeReceived = notification =>
{
string currentPageUrl;
var protectedState = notification.ProtocolMessage.State.Split('=')[1];
var state = notification.Options.StateDataFormat.Unprotect(protectedState);
// Initialise service
var service = ServiceLocator.ServiceProvider.GetService<IB2cTokenService>();
if (service != null)
{
var principal = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);
service.GetIdTokenByAuthCode(notification.Code, principal.GetObjectIdentifierValue());
}
state.Dictionary.TryGetValue("currentpage", out currentPageUrl);
if (!string.IsNullOrEmpty(currentPageUrl))
{
var cookieService = ServiceLocator.ServiceProvider.GetService<Infrastructure.CookieManager.ICookieManager>();
cookieService.Set("currentpage", currentPageUrl);
}
return Task.CompletedTask;
}
},
});
}

Hello @5n7cj (5n7cj) Thank you for reacting out to our Community!
The error indicates an issue on Azure side, rather then Okta. Looking at the information provided I do not see anything related to Okta. I would recommend to reach out to Microsoft support for additional assistance and investigation on this matter.
Community members help others by clicking Like or Select as Best on responses. Try it today.
Coming soon: Get tips from community managers during Okta Community's first Ask Me Anything event on 6/22