Sporadic issue wp-discourse/SSO: Nonce has already expired

I added some more to my debugging input so I could inspect the $sso_params passed into the sync_sso in an existing user case (success) versus new user case (failure); they both look similar. They both show properly filled out values for all these:

[avatar_force_update]
[avatar_url]
[bio]
[name]
[require_activation]
[email]
[username]
[external_id] 

What’s also head-scratching is that we have another very similar WordPress/Discourse installation and this doesn’t happen at all there. I’m going to pore over all the Discourse settings for each and see if there are any differences that might be causing this.

2 Likes

I compared the settings for each of our Discourse forums and they are virtually the same. Thanks @RGJ for the help here. You guys are always very helpful. And luckily we hardly have any issues due to your good hosting. I’m sure we’ll track this down.

1 Like

I faced the same issue after taking a backup of the running EC2 instance and launching it again.

The nonce relies on having the value set in Redis and in session for CSRF validation.

I turned off the SiteSetting.discourse_connect_csrf_protection, which made the login work consistently, but I haven’t debugged why the session is not being set properly yet.