How to fix the issues: IDX21323. Please suggest.

Shravani Kanderao 0 Reputation points
2024-12-17T06:37:51.07+00:00

Getting Issues:

IDX21323: RequireNonce is '[PII is hidden]'. OpenIdConnectProtocolValidationContext.Nonce was null, OpenIdConnectProtocol.ValidatedIdToken.Payload.Nonce was not null. The nonce cannot be validated. If you don't need to check the nonce, set OpenIdConnectProtocolValidator.RequireNonce to 'false'. Note if a 'nonce' is found it will be evaluated.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

2 answers

  1. Harshitha Eligeti 1,210 Reputation points Microsoft Vendor
    2024-12-17T21:23:02.3633333+00:00

    Hi @Shravani Kanderao,

    Thank you for reaching out to Microsoft Q&A.

    I understand that you are receiving an error message stating IDX21323: RequireNonce is '[PII is hidden]'.

    The error message IDX21323 typically occurs when the application cannot find the nonce cookie in the authenticated request. This happens when the browser makes a request to the OpenID Connect (OIDC) application protected by Azure AD, but the request is unauthenticated, causing a redirect to login.microsoftonline.com for user login. 

    If your application doesn't require nonce validation, you can disable it by setting RequireNonce to false. However, it’s important to note that while this may resolve the issue, it is generally recommended to keep nonce validation enabled (RequireNonce = true) to maintain the security of your application. 

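    // Requires: using System.Threading.Tasks; using Microsoft.Owin.Security.Notifications;
    //           using Microsoft.Owin.Security.OpenIdConnect; using Microsoft.IdentityModel.Protocols.OpenIdConnect;
    app.UseOpenIdConnectAuthentication(new OpenIdConnectAuthenticationOptions()
        {
            Notifications = new OpenIdConnectAuthenticationNotifications()
            {
                // Runs when validation of the sign-in response throws.
                AuthenticationFailed = async (AuthenticationFailedNotification<OpenIdConnectMessage, OpenIdConnectAuthenticationOptions> authFailed) =>
                {
                    // IDX21323: the nonce could not be validated for this response.
                    if (authFailed.Exception.Message.Contains("IDX21323"))
                    {
                        authFailed.HandleResponse();                        // suppress the exception
                        authFailed.OwinContext.Authentication.Challenge();  // start a new sign-in
                    }

                    await Task.FromResult(true);
                }
            }
        });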
    

    For additional information, refer to this link: Receiving error IDX21323 or DX10311 RequireNonce… – Azure Active Directory Developer Support Team

    [Getting error "IDX21323: RequireNonce is '[PII is hidden]'." - Microsoft Q&A](https://learn.microsoft.com/en-us/answers/questions/2100281/getting-error-idx21323-requirenonce-is-(pii-is-hid) 

     

    Hope this helps. Do let us know if you have any further queries. 

    If this answers your query, do click Accept Answer and Yes for was this answer helpful. And, if you have any further queries do let us know. 
    Regards, 
    Harshitha Eligeti
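
The nonce check behind IDX21323, as an added example that is not part of either answer and is not Microsoft.IdentityModel or OWIN code: a simplified C# model of the round trip, following the rule stated in the error message. The cookie name, method names and result strings are hypothetical, and the nonce values are constructed.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Simplified model of the OIDC nonce round trip (hypothetical names throughout).
static class NonceRoundTripModel
{
    // Sign-in start: the app creates a nonce, stores it in a cookie and sends
    // the same value to the identity provider in the authorization request.
    static string BeginSignIn(IDictionary<string, string> browserCookies)
    {
        var bytes = new byte[32];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(bytes);
        string nonce = Convert.ToBase64String(bytes);
        browserCookies["nonce"] = nonce;   // placeholder cookie name
        return nonce;                      // value the provider echoes in the id_token
    }

    // Callback: compare the id_token's nonce claim with the cookie on the request.
    static string ValidateCallback(bool requireNonce,
        IDictionary<string, string> cookiesOnRequest, string tokenNonce)
    {
        cookiesOnRequest.TryGetValue("nonce", out string expected);
        bool hasExpected = !string.IsNullOrEmpty(expected);
        bool hasTokenNonce = !string.IsNullOrEmpty(tokenNonce);

        if (!hasExpected && !hasTokenNonce)
            return requireNonce ? "rejected: nonce required but absent"
                                : "accepted: no nonce to check";
        if (!hasExpected)   // the situation reported as IDX21323
            return "rejected: token carries a nonce, request has no nonce cookie";
        if (!hasTokenNonce)
            return "rejected: nonce cookie present, token has no nonce";
        return string.Equals(expected, tokenNonce, StringComparison.Ordinal)
            ? "accepted: nonce matches"
            : "rejected: nonce mismatch (token belongs to another sign-in)";
    }

    static void Main()
    {
        var cookies = new Dictionary<string, string>();
        string sent = BeginSignIn(cookies);
        var noCookies = new Dictionary<string, string>();   // callback arrived without the cookie

        Console.WriteLine(ValidateCallback(true, cookies, sent));       // normal sign-in
        Console.WriteLine(ValidateCallback(true, noCookies, sent));     // IDX21323 case
        Console.WriteLine(ValidateCallback(false, noCookies, sent));    // a found nonce is still evaluated
        Console.WriteLine(ValidateCallback(true, cookies, "constructed-nonce-from-another-session"));
    }
}
```

The third call shows why setting RequireNonce to false does not by itself accept a token that carries a nonce: per the error text, a nonce that is found is still evaluated.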


  2. Raja Pothuraju 10,760 Reputation points Microsoft Vendor
    2025-01-03T07:06:16.16+00:00

    Hello @Shravani Kanderao,

    Thank you for your feedback.

    Based on the error message you provided, I investigated internally and found a similar case where the issue was resolved using the following solution. Please review it and let me know if it helps resolve your issue.

    Error: {"IDX21329: RequireState is 'True' but the OpenIdConnectProtocolValidationContext.State is null. State cannot be validated."}

    Solution: This issue can occur when the application is using the HTTP protocol for localhost. It was resolved by configuring HTTPS for localhost. If your application currently uses HTTP, please switch to HTTPS instead.

    If the issue persists despite following the above steps, please provide additional context regarding the steps you are performing and the specific location where the error occurs. It would be greatly appreciated if you could include a screenshot of the steps you're following. If you're referring to any documentation, kindly attach it as well.

    I hope this information is helpful. Please feel free to reach out if you have any further questions.

    Thanks,
    Raja Pothuraju.

