So I am trying the following:
Client logs into my app via Auth0 authentication.
On successful authentication, an Auth0 rule kicks in and makes a callback to a page in my app which has a hidden iframe. This hidden iframe simply does a login to disclosure, so when the client clicks on the forum link he will already be logged in.
I am encountering a problem with the payload that is being sent to the disclosure sso URL.
The “nonce” is invalid/timed out.
Since the login is not being initiated via disclosure, I am generating a nonce in my Auth0 rule and sending that back as part of the payload to the disclosure sso URL.
Im unclear on how the nonce works so would appreciate some assistance. Is there a way to disable the nonce check in disclosure? if not, what do I need to do to get this to work?
I imagine disclosure is rejecting the sso login attempt because the nonce it received is one that it did not send in the first place.