"validating access_token failed. wrong state/nonce." when performing silentRefresh manually

See original GitHub issue

Angular version: 5.2.7
angular-oauth2-oidc version: 3.1

I have the following setup:

oauthConfig.clientId = authConfig.clientId;
oauthConfig.redirectUri = this.checkURL(authConfig.redirectUri);
oauthConfig.scope = authConfig.scope;
oauthConfig.oidc = true;
oauthConfig.issuer = this.checkURL(authConfig.issuer);
oauthConfig.requireHttps = authConfig.requireHttps;
oauthConfig.silentRefreshRedirectUri = this.checkURL(authConfig.redirectUri + '/silent-refresh.html');
this.oauthService.configure(oauthConfig);
this.oauthService.setupAutomaticSilentRefresh();

When performing a silent refresh, I need to get the new access token and pass it to other parts of the application. This is how I attempt to get the token:

this.oauthService.events.subscribe(({ type }) => {
  switch (type) {
    case 'token_refreshed': {
      // This event doesn't get detected when the automatic silent refresh happens
      break;
    }
    case 'silently_refreshed': {
      // This event doesn't get detected when the automatic silent refresh happens
      break;
    }
    case 'token_expires': {
      this.oauthService.silentRefresh().then(() => {
        // Here I want to pass the new token to the other parts of the app
      }).catch((err) => { return; });
      break;
    }
  }
});

When I manually do the silent refresh, I get an error that says “validating access_token failed. wrong state/nonce.”.

I have auto-silent refresh set up as well, however the events are not triggered when the silent refresh happens, so I can’t pass the token to the other parts of the application there either.

The silent refresh request always returns a 302 error.

Am I doing something wrong?

I’m using initImplicitFlow() BTW.

Issue Analytics

  • State: closed
  • Created 5 years ago
  • Comments: 5 (2 by maintainers)

Top GitHub Comments

manfredsteyer commented, Nov 18, 2018 (7 reactions)

302 should be fine. It’s just the redirect back to your SPA.

This issue occurs most of the time due to a race condition. Is it possible that “at the same time” another part of the software is calling silentRefresh or initImplicitFlow?

In this case, the following sequence would happen:

  • silentRefresh creates a nonce (let’s call it nonce1) and requests redirect
  • another silentRefresh/initImplicitFlow overrides it (let’s call it nonce2)
  • token comes back with original nonce (nonce1)
  • lib detects that nonce1 !== nonce2 --> error
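As an added illustration of the sequence above (example code, not from the issue or from angular-oauth2-oidc): a single-slot nonce store modelled in plain JavaScript, the overlapping refresh that overwrites nonce1 with nonce2 so the first token fails validation, and a deduplicated refresh that shares the in-flight request instead of starting a second one. The Map store, the promise standing in for the redirect, and the `dedupedSilentRefresh` helper are assumptions of this model, not library API.

```javascript
// Added example, not from the issue or angular-oauth2-oidc: a model of the
// nonce race. The Map stands in for the library's single sessionStorage
// slot; the resolved promise stands in for the hidden-iframe redirect.
const store = new Map();
let counter = 0;

// Start a silent refresh: save a fresh nonce and return a promise for the
// token "coming back" from the identity provider with that same nonce.
function startSilentRefresh() {
  const nonce = `nonce${++counter}`;
  store.set('nonce', nonce);
  return Promise.resolve({ nonce }); // the IdP echoes the nonce it was sent
}

// Validate as the library does: the nonce in the response must match the
// nonce currently saved; if another refresh overwrote it, this fails.
function validateToken(token) {
  if (store.get('nonce') !== token.nonce) {
    return { ok: false, error: 'Validating access_token failed, wrong state/nonce.' };
  }
  return { ok: true };
}

// The race from the comment: a second refresh (for example the automatic one
// and a manual silentRefresh() on the same token_expires event) starts before
// the first redirect returns, so nonce1 is overwritten by nonce2.
async function racyRefresh() {
  const first = startSilentRefresh();  // saves nonce1
  const second = startSilentRefresh(); // overwrites with nonce2
  const [t1, t2] = await Promise.all([first, second]);
  return { first: validateToken(t1), second: validateToken(t2) };
}

// Mitigation (assumed helper): share the in-flight refresh instead of
// starting another, so only one nonce is ever outstanding.
let inFlight = null;
function dedupedSilentRefresh() {
  if (!inFlight) {
    inFlight = startSilentRefresh().finally(() => { inFlight = null; });
  }
  return inFlight;
}

async function safeRefresh() {
  const [t1, t2] = await Promise.all([dedupedSilentRefresh(), dedupedSilentRefresh()]);
  return { first: validateToken(t1), second: validateToken(t2), shared: t1 === t2 };
}
```

In the real application the same effect is obtained by making sure only one caller (the automatic refresh or a manual `silentRefresh()`, not both) reacts to `token_expires`.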
jeroenheijmans commented, Nov 27, 2018 (0 reactions)

@gustavshf Good to hear you found the root cause. I think you can close the issue yourself, should be a button next to the green “Comment” button at the bottom of the page.
