SSO incorrect nonce

Hello,

I have a problem integrating the Discourse Connect SSO solution.
Everything is up and running and all of the data I encode and decode seem correct.

The problem is that when I try to log in, I get a login error:

Account login timed out, please try logging in again.

and on the /logs page I can see

Nonce is incorrect, was generated in a different browser session, or has expired

Weirdly, when I start the SSO process, the /logs page shows this nonce

nonce: 5bfe777da39abd9199ef213453975310

but in the redirect URL that leads to my login page the sso parameter is

bm9uY2U9NzE1ZDE5MDM3YTUzZDY0ZDY4NTU3YjIyMzVmYmE4NzEmcmV0dXJuX3Nzb191cmw9aHR0cHMlM0ElMkYlMkZmb3J1bXMucGxheXJlc3BhcmsuY29tJTJGc2Vzc2lvbiUyRnNzb19sb2dpbg%3D%3D

which after decoding shows this nonce

nonce=715d19037a53d64d68557b2235fba871

therefore the nonce doesn’t match in the final payload.

Is this a bug or am I doing something wrong?

Currently we are using the latest 2.9.0.beta4 version.


I currently have this exact same problem, did you come to any sort of resolution?

I currently have this exact same problem

I found that turning off force_https can resolve this problem.

I solved this problem. I use a proxy, but had not added the X-Forwarded-Proto header. When I added this header, the problem was solved.

https://meta.discourse.org/t/403-error-when-changing-any-settings-after-enabling-force-https-with-proxy/132246/4
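
Added example, not part of the thread or of Discourse's own code: a small Python check that decodes the sso value quoted in the first post, compares its nonce with the one seen on /logs, and verifies a DiscourseConnect signature (HMAC-SHA256 over the base64 payload). The function names are hypothetical, and any secret passed to `signature_ok` is the operator's own connect secret.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qs, unquote

# Values exactly as quoted in the first post of this thread.
SSO_PARAM = "bm9uY2U9NzE1ZDE5MDM3YTUzZDY0ZDY4NTU3YjIyMzVmYmE4NzEmcmV0dXJuX3Nzb191cmw9aHR0cHMlM0ElMkYlMkZmb3J1bXMucGxheXJlc3BhcmsuY29tJTJGc2Vzc2lvbiUyRnNzb19sb2dpbg%3D%3D"
LOGGED_NONCE = "5bfe777da39abd9199ef213453975310"


def decode_sso(sso_param):
    """Return (base64 payload, dict of fields) for an sso query value."""
    payload_b64 = unquote(sso_param)  # undo URL encoding (%3D -> =)
    query = base64.b64decode(payload_b64).decode("utf-8")
    fields = {k: v[0] for k, v in parse_qs(query, strict_parsing=True).items()}
    return payload_b64, fields


def signature_ok(payload_b64, sig_hex, secret):
    """Check the sig parameter: hex HMAC-SHA256 of the base64 payload."""
    expected = hmac.new(secret.encode(), payload_b64.encode(),
                        hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected.encode(), sig_hex.lower().encode())


def check_nonce(sso_param, expected_nonce):
    """Return (nonce carried by the payload, whether it equals expected)."""
    _, fields = decode_sso(sso_param)
    nonce = fields.get("nonce", "")
    return nonce, hmac.compare_digest(nonce.encode(), expected_nonce.encode())


if __name__ == "__main__":
    nonce, same = check_nonce(SSO_PARAM, LOGGED_NONCE)
    print("nonce in redirect payload:", nonce)
    print("nonce seen on /logs:      ", LOGGED_NONCE)
    print("match:", same)
    print("return_sso_url:", decode_sso(SSO_PARAM)[1]["return_sso_url"])
```

Running the same check on the payload your login page sends back shows whether the nonce was altered in your code or whether Discourse issued two different nonces for what you took to be one login attempt.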