Need help while Implementing SSO for dev environment

I have setup discourse in my local machine and wanted to setup SSO login I can redirect the user when it clicks on login but when I get redirected I am continuously getting errors, I enabled logging also and it says
Nonce is incorrect, was generated in a different browser session, or has expired
Below is the python file which I’m using: Discourse-setup/main.py at main · kamleshjoshi8102/Discourse-setup · GitHub

Also Please note in my case it’s running on port 4201 so I have redirected to port 4201 on login

This is the method that’s triggering the error:

  def nonce_valid?
    if SiteSetting.discourse_connect_csrf_protection
      nonce && @secure_session[nonce_key].present?
    else
      nonce && Discourse.cache.read(nonce_key).present?
    end
  end

It’s checking that the nonce was generated by Discourse for the same session as as the one that redirects the user back to Discourse.

You could try setting the discourse_connect_csrf_protection site setting to false. Its default value is true. It’s a hidden site setting, so it can only be disabled from the Rails console.

When enabled, the discourse_connect_csrf_protection setting ensures that the entire SSO authentication process occurs through browser redirects. If you are starting the authentication process by making a background request to session/sso, you will need to disable it. More details here: DiscourseConnect flow no longer functions - #5 by david.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.