emillumine
commented
2 years ago Nevermind, our OpenID Connect provider doesn't require the nonce if we dont make openid requests but only oauth (just dont put "openid" in scopes) :)
Closed emillumine closed 2 years ago
emillumine
commented
2 years ago Nevermind, our OpenID Connect provider doesn't require the nonce if we dont make openid requests but only oauth (just dont put "openid" in scopes) :)
Our OpenID Connect provider (https://gitlab.com/yaal/canaille) requires a unique “nonce” to be sent when redirecting to the authorization endpoint (in the authorization code flow).
When configuring and testing this auth provider in fider "Authentication" site settings, it fails because of "Missing nonce in request" (provider side). Is there any configuration/ability to make fider sending nonce in this scenario?
Thanks in advance for your help!