Describe the bug
We accidentally get an error "invalid_nonce_in_state". It happens because after the redirect from the authentication service, Chrome 118 sometimes could not restore SessionStorage and therefore could not read any nonce-token.
To Reproduce
Steps to reproduce the behavior:
0) user logs in to an app with angular-oauth2-oidc
1) user creates a new tab and copy-pastes the app URL into the new tab. (nonce-token is set in SessionStorage)
2) the app redirects to some authentication service (in the same Chrome tab)
3) user is redirected to the app again. (the app tries to read nonce-token from SessionStorage).
4) nonce-token=NULL because SessionStorage is empty
5) user has an error: invalid_nonce_in_state
Expected behavior
User receives nonce-token from SessionStorage. invalid_nonce_in_state does not appear.
Desktop (please complete the following information):
OS: only MacOS
Browser: only Chrome 118/119
Version: does not matter
Additional context
In fact it is NOT a problem of angular-oauth2-oidc at all. It is just a Chrome bug. It happens with Chrome 118 and 119 only (it is ok with v117 and v120).
I am just creating this issue because somebody could get stuck with this bug. And the solution will be to update Chrome to 119. Our team spent a lot of time trying to find why we get this error. And probably this issue report will help someone.
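
The sequence in the reproduction steps, as an added JavaScript example that is not part of the original report and not angular-oauth2-oidc's own code: a simplified model of the nonce check in which the storage key, the in-memory storage class and all function names are assumptions. It shows that an emptied SessionStorage and a real nonce mismatch surface as the same error, and adds a `reason` field to tell them apart when diagnosing.

```javascript
// Added example: simplified model of a nonce-in-state check, not library code.
// NONCE_KEY and every function name below are assumptions made for this sketch.
const NONCE_KEY = 'nonce';

// Minimal in-memory stand-in for window.sessionStorage (same getItem/setItem shape).
class MemoryStorage {
  constructor() { this.items = new Map(); }
  getItem(key) { return this.items.has(key) ? this.items.get(key) : null; }
  setItem(key, value) { this.items.set(key, String(value)); }
  clear() { this.items.clear(); }
}

// Steps 1-2: before redirecting, persist the nonce and send it out as the state value.
function beginLogin(storage, nonce) {
  storage.setItem(NONCE_KEY, nonce);
  return { state: nonce };
}

// Steps 3-5: on return, compare the state from the callback with the saved nonce.
// `reason` separates a lost store from a real mismatch; the reported error is the same.
function validateCallback(storage, returnedState) {
  const saved = storage.getItem(NONCE_KEY);
  if (saved === null) {
    return { ok: false, error: 'invalid_nonce_in_state', reason: 'nonce_missing_from_storage' };
  }
  if (saved !== returnedState) {
    return { ok: false, error: 'invalid_nonce_in_state', reason: 'nonce_mismatch' };
  }
  return { ok: true, error: null, reason: null };
}

// Constructed scenarios: normal round trip, storage emptied during the redirect,
// and a callback carrying a state value that was never issued by this session.
function runScenarios() {
  const nonce = 'constructed-nonce-123'; // constructed sample value
  const healthy = new MemoryStorage();
  const { state } = beginLogin(healthy, nonce);
  const normal = validateCallback(healthy, state);

  const wiped = new MemoryStorage();
  beginLogin(wiped, nonce);
  wiped.clear(); // models the browser failing to restore SessionStorage
  const lost = validateCallback(wiped, nonce);

  const unrelated = validateCallback(healthy, 'unrelated-state-value');
  return { normal, lost, unrelated };
}

console.log(runScenarios());
```

Logging the `reason` alongside the browser version makes a cluster of storage-loss failures on one browser release stand out from rejected callbacks.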