How to fix "RPError: nonce mismatch, expected xxxxx, got: undefined" error using casdoor OIDC


I've integrated Casdoor login with Directus using OpenID Connect, and there is a problem in the login flow. When the user is authenticated on the Casdoor side, it redirects to the redirect_url with the code and state query params, and at the callback stage Directus decodes the JWT, cannot find a nonce in the payload, and throws the error:

nonce mismatch, expected xxxxxxxxxxx , got: undefined

I modified the Directus image to disable the nonce check, and after that it worked fine, but I know that's a dangerous thing to do and it's not a workaround. So I wanted to know why Casdoor is not adding the nonce to the payload.

This is what my login request looks like:

https://casdoor.local/login/oauth/authorize?client_id=<CLIENT_ID>&scope=openid%20email%20profile&response_type=code&redirect_uri=https%3A%2F%2Fdirectus.local%2Fauth%2Flogin%2Fcasdoor%2Fcallback&access_type=offline&code_challenge=<CODE_CHALLENGE>&code_challenge_method=S256&state=GqOMoe4GOjBlFxCBPpKb0GAzzshZVNH_NHpZcO1lTiw&nonce=GqOMoe4GOjBlFxCBPpKb0GAzzshZVNH_NHpZcO1lTiw

And this is what my callback looks like:

https://directus.local/auth/login/casdoor/callback?code=<CODE>&state=GqOMoe4GOjBlFxCBPpKb0GAzzshZVNH_NHpZcO1lTiw

I also decoded the JWT returned on the callback using the online decoder https://jwt.io/ and saw that it doesn't contain any nonce value. Is it something to do with my login request asking for the nonce in the response? Or could it be a bug on the Casdoor side?

JFI, I'm using the latest versions of both Casdoor and Directus, and my Directus env variables for the Casdoor integration are the following:

PUBLIC_URL: ${PUBLIC_URL}
AUTH_PROVIDERS: ${AUTH_PROVIDERS}
AUTH_CASDOOR_DRIVER: ${AUTH_CASDOOR_DRIVER}
AUTH_CASDOOR_CLIENT_ID: ${AUTH_CASDOOR_CLIENT_ID}
AUTH_CASDOOR_CLIENT_SECRET: ${AUTH_CASDOOR_CLIENT_SECRET}
AUTH_CASDOOR_SCOPE: ${AUTH_CASDOOR_SCOPE}
AUTH_CASDOOR_ISSUER_URL: ${AUTH_CASDOOR_ISSUER_URL}
AUTH_CASDOOR_AUTHORIZE_URL: ${AUTH_CASDOOR_AUTHORIZE_URL}
AUTH_CASDOOR_ACCESS_URL: ${AUTH_CASDOOR_ACCESS_URL}
AUTH_CASDOOR_PROFILE_URL: ${AUTH_CASDOOR_PROFILE_URL}
AUTH_CASDOOR_ALLOW_PUBLIC_REGISTRATION: ${AUTH_CASDOOR_ALLOW_PUBLIC_REGISTRATION}
AUTH_CASDOOR_DEFAULT_ROLE_ID: ${AUTH_CASDOOR_DEFAULT_ROLE_ID}

There are 0 answers