<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
0D54z00009LgOUvCANOkta Classic EngineAuthenticationAnswered2024-07-21T09:02:33.000Z2023-06-19T14:45:01.000Z2023-06-21T00:08:31.000Z

5n7cj (5n7cj) asked a question.

Getting Message: IDX21323: RequireNonce is 'True' in sitecore application intemittenlt from last few days and on page refresh it works

we ar eseieng the below error in the logs of the application while doing B2C login. First the application gives gateway tieout and then after page refresh it works. We have checked the logs ofthe application and found the below error.

 

It was running fine earlier and from the last few days this error start occuring in production. could you please provide valuable suggestion for this.

 

 

Exception: Microsoft.IdentityModel.Protocols.OpenIdConnect.OpenIdConnectProtocolInvalidNonceException 

Message: IDX21323: RequireNonce is 'True'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated. 

 

 

 

Plesae refer to the code which we are using in application:

 

    protected override void ProcessCore(IdentityProvidersArgs args)

    {

      if (args == null) throw new ArgumentNullException("args");

 

      // Retrieve settings

      var tenant = AccountSettings.AzureB2cTenant;

      var clientId = AccountSettings.AzureB2cTenantAppId;

      var tenantLoginHome = AccountSettings.AzureB2cTenantLoginHomeUrl;

      var policy = AccountSettings.AzureB2cSigninSignupPolicy;

      var redirectUrl = AccountSettings.AzureB2cRedirectUrl;

      var postLogoutRedirectUrl = AccountSettings.SiteBaseUrl;

      if (string.IsNullOrEmpty(tenant) || string.IsNullOrEmpty(clientId) || string.IsNullOrEmpty(tenantLoginHome) || string.IsNullOrEmpty(policy) || string.IsNullOrEmpty(redirectUrl) || string.IsNullOrEmpty(postLogoutRedirectUrl)) throw new ConfigurationException("Missing identity configuration");

 

      args.App.UseKentorOwinCookieSaver();

      args.App.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions

      {

        Caption = GetIdentityProvider().Caption,

        AuthenticationType = GetAuthenticationType(),

        AuthenticationMode = AuthenticationMode.Passive,

        ClientId = clientId,

        RedirectUri = redirectUrl,

        Scope = "openid offline_access",

        ResponseType = "code id_token",

        PostLogoutRedirectUri = postLogoutRedirectUrl,

        Authority = $"https://{tenantLoginHome}/tfp/{tenant}/{policy}/v2.0",

        MetadataAddress = $"https://{tenantLoginHome}/{tenant}/v2.0/.well-known/openid-configuration?p={policy}",

        UseTokenLifetime = true,

        TokenValidationParameters = new TokenValidationParameters() { NameClaimType = "emails" },

        Notifications = new OpenIdConnectAuthenticationNotifications

        {

          RedirectToIdentityProvider = notification =>

          {

            var stateQueryString = notification.ProtocolMessage.State.Split('=');

            var protectedState = stateQueryString[1];

            var state = notification.Options.StateDataFormat.Unprotect(protectedState);

 

            var querystringCollection = HttpContext.Current.Request.Url.ParseQueryString();

            if (querystringCollection["current_page"] != null)

            {

              state.Dictionary.Add("currentpage", querystringCollection.Get("current_page"));

            }

 

            notification.ProtocolMessage.State = stateQueryString[0] + "=" + notification.Options.StateDataFormat.Protect(state);

            return Task.FromResult(0);

          },

          SecurityTokenValidated = notification =>

          {

            notification.AuthenticationTicket.Identity.AddClaim(new Claim("idp", "AzureB2C"));

            notification.AuthenticationTicket.Identity.ApplyClaimsTransformations(new TransformationContext(FederatedAuthenticationConfiguration, GetIdentityProvider()));

            return Task.CompletedTask;

          },

          AuthorizationCodeReceived = notification =>

          {

            string currentPageUrl;

            var protectedState = notification.ProtocolMessage.State.Split('=')[1];

            var state = notification.Options.StateDataFormat.Unprotect(protectedState);

 

            // Initialise service

            var service = ServiceLocator.ServiceProvider.GetService<IB2cTokenService>();

            if (service != null)

            {

              var principal = new ClaimsPrincipal(notification.AuthenticationTicket.Identity);

              service.GetIdTokenByAuthCode(notification.Code, principal.GetObjectIdentifierValue());

            }

 

            state.Dictionary.TryGetValue("currentpage", out currentPageUrl);

            if (!string.IsNullOrEmpty(currentPageUrl))

            {

              var cookieService = ServiceLocator.ServiceProvider.GetService<Infrastructure.CookieManager.ICookieManager>();

              cookieService.Set("currentpage", currentPageUrl);

            }

 

            return Task.CompletedTask;

          }

        },

 

      });

    }


This question is closed.
Loading
Getting Message: IDX21323: RequireNonce is 'True' in sitecore application intemittenlt from last few days and on page refresh it works