How to fix the issues: IDX21323. Please suggest.

Shravani Kanderao 0 Reputation points
2024-12-17T06:37:51.07+00:00

Getting Issues:

IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

Microsoft Entra ID

1 answer

  1. Harshitha Eligeti 1,210 Reputation points Microsoft Vendor
    2024-12-17T21:23:02.3633333+00:00

    Hi @Shravani Kanderao,

    Thank you for reaching out to Microsoft Q&A.

    I understand that you are receiving an error message stating IDX21323: RequireNonce is '[PII is hidden]'.     

    The error message IDX21323 typically occurs when the application cannot find the nonce cookie in the authenticated request. This happens when the browser makes a request to the OpenID Connect (OIDC) application protected by Azure AD, but the request is unauthenticated, causing a redirect to login.microsoftonline.com for user login. 

    If your application doesn't require nonce validation, you can disable it by setting RequireNonce to false. However, it’s important to note that while this may resolve the issue, it is generally recommended to keep nonce validation enabled (RequireNonce = true) to maintain the security of your application. 

    // Requires: using Owin; using System.Threading.Tasks;
    //           using Microsoft.Owin.Security.OpenIdConnect;
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
        {
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs when validation of the sign-in response fails.
                AuthenticationFailed = async authFailed =>
                {
                    // Only handle the missing-nonce failure; other errors propagate.
                    if (authFailed.Exception.Message.Contains("IDX21323"))
                    {
                        // Suppress the error and start a new sign-in,
                        // which issues a fresh nonce.
                        authFailed.HandleResponse();
                        authFailed.OwinContext.Authentication.Challenge();
                    }

                    await Task.FromResult(true);
                }
            }
        });
    

    For additional information, refer to this link: Receiving error IDX21323 or DX10311 RequireNonce… – Azure Active Directory Developer Support Team

    [Getting error "IDX21323: RequireNonce is '[PII is hidden]'." - Microsoft Q&A](https://learn.microsoft.com/en-us/answers/questions/2100281/getting-error-idx21323-requirenonce-is-(pii-is-hid) 

     

    Hope this helps. Do let us know if you have any further queries. 

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further queries do let us know. 
    Regards, 
    Harshitha Eligeti
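
As an added illustration (not part of the answer above and not Microsoft's code), here is a stand-alone C# model of the nonce check behind IDX21323, showing the missing-cookie rejection, a restarted sign-in, and what is lost when the check is off. The class, method and cookie names and the `checkNonce` flag are assumptions of this example; it does not reproduce the library's exact `RequireNonce` branches.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Constructed model of the OIDC nonce check; all names are hypothetical and
// this is not the Microsoft.IdentityModel implementation.
static class NonceModel
{
    const string CookieName = "oidc.nonce"; // hypothetical cookie name

    // Sign-in start: generate a nonce, keep it in a browser cookie, and send
    // the same value in the authorize request. The provider echoes it back
    // as the "nonce" claim of the ID token.
    public static string BeginSignIn(IDictionary<string, string> cookies)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        return cookies[CookieName] = Convert.ToBase64String(bytes);
    }

    // Callback: the token's nonce claim must equal the cookie from this browser.
    public static string Validate(string tokenNonce, IDictionary<string, string> cookies, bool checkNonce)
    {
        if (!checkNonce) return "accepted (token not bound to this browser)";
        if (!cookies.TryGetValue(CookieName, out string expected))
            return "rejected: token has a nonce but the request has no nonce cookie";
        if (!string.Equals(expected, tokenNonce, StringComparison.Ordinal))
            return "rejected: nonce mismatch";
        cookies.Remove(CookieName); // a nonce is single use
        return "accepted";
    }

    static void Main()
    {
        var browser = new Dictionary<string, string>();
        string tokenNonce = BeginSignIn(browser);

        browser.Clear(); // the nonce cookie did not come back on the callback
        Console.WriteLine(Validate(tokenNonce, browser, true)); // rejected (the IDX21323 situation)

        // Restarting sign-in issues a fresh nonce and cookie, then succeeds.
        string retryNonce = BeginSignIn(browser);
        Console.WriteLine(Validate(retryNonce, browser, true)); // accepted

        // With the check off, the first token is accepted from any browser.
        Console.WriteLine(Validate(tokenNonce, new Dictionary<string, string>(), false));
    }
}
```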

