Open crubach opened 1 year ago
I think the nonce validation is correct. I don't think this is part of the refresh. I will read up on this and validate.
Thanks for reporting
Greetings Damien
I had the same problem.
I have a server with OpenIdDIct, and a created a configuration for sample-code-flow-auto-login
For fix this error, I made some changes in the core project:
File state-validations.service.ts
FIle refresh-session-callback-handler.service.ts
But, I have a question: This changes makes sense for this problem?
@damienbod
I have the same issue. Why not validating nonce by default if this line handles when nonce is missing?
Version
15.0.2
Please provide a link to a minimal reproduction of the bug
No response
Please provide the exception or error you saw
Steps to reproduce the behavior
A clear and concise description of what you expected to happen.
Additional context
No response