Skip to content

Skip nonce check when using password grant#1455

Open
jwgmeligmeyling wants to merge 1 commit into
manfredsteyer:masterfrom
jwgmeligmeyling:skip-nonce-password-grant
Open

Skip nonce check when using password grant#1455
jwgmeligmeyling wants to merge 1 commit into
manfredsteyer:masterfrom
jwgmeligmeyling:skip-nonce-password-grant

Conversation

@jwgmeligmeyling

@jwgmeligmeyling jwgmeligmeyling commented Dec 9, 2024

Copy link
Copy Markdown

Token responses from a password grant may return an id token, but these will never contain a nonce as there is no way to provide one. Therefore, in this scenario, the nonce validation should be skipped when processing the id token.

Fixes #1324

@singatias

Copy link
Copy Markdown

Would be nice to have a fix to this error if a maintainer can take a look at it.

@jwgmeligmeyling

Copy link
Copy Markdown
Author

Did you see #1324 (comment) ? I think thats actually a sensible workaround

@L-X-T L-X-T force-pushed the master branch 2 times, most recently from e1fc6c5 to 5d10af2 Compare June 30, 2025 12:18
@Sebi11

Sebi11 commented Nov 3, 2025

Copy link
Copy Markdown

Should we apply the same fix for the type 'urn:ietf:params:oauth:grant-type:token-exchange', when using the token exchange grant, through the method fetchTokenUsingGrant?

@L-X-T L-X-T force-pushed the master branch 2 times, most recently from 1421146 to 4dff3c3 Compare June 11, 2026 07:23
@L-X-T L-X-T force-pushed the master branch 5 times, most recently from 581dc7a to 328e014 Compare June 26, 2026 06:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

"Wrong nonce: undefined" during login with Password grant

3 participants