circadence-rd asked

nonce requirement for OpenID?

Is there a hard and fast requirement for tokens passed to PlayFab via LoginWithOpenID to contain a nonce element?


1 Answer

Citrus Yan answered

Hi, it seems that the nonce element is required by design; the nonce element is baked into your IdToken. If you log into your identity provider again, you’ll get a new JWT with a new nonce that you can provide us. For more info, you may find this thread answered by Andy helpful: https://community.playfab.com/questions/27207/openidconnect-token-nonce-reuse-is-not-permitted.html

4 comments

circadence-rd commented

Ok, so it is required by PlayFab... We are getting direct access tokens, meaning there is no nonce present. Our options are to find some way of forcing it into the token, i.e. edit the code for the provider we are using (Keycloak), or to swap to the more traditional method of getting an authorization code and requesting a full token set, but this is problematic in Unity...

Citrus Yan commented (in reply to circadence-rd)

Yeah. It’s required currently, sorry for the inconvenience. However, maybe you could make a feature request about it here: https://community.playfab.com/spaces/24/index.html

circadence-rd commented (in reply to Citrus Yan)

I take it this is not something that would happen quickly?
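
The following is an added example, not part of the thread and not PlayFab or Keycloak code: a client-side pre-flight check that decodes a JWT's payload and reports whether it carries a `nonce` claim and whether that nonce was already submitted, the two conditions the answer and the linked thread describe. The function names, the issuer URL and the sample tokens are constructed for illustration; the signature is deliberately not verified, since this is only a diagnostic run before the token is sent.

```python
import base64
import json


def jwt_claims(token: str) -> dict:
    """Decode the payload segment of a compact JWT without verifying the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims


def preflight(token: str, seen_nonces: set) -> list:
    """Return the reasons the token fails the nonce requirement; an empty list means OK."""
    problems = []
    nonce = jwt_claims(token).get("nonce")
    if not isinstance(nonce, str) or not nonce:
        problems.append("no nonce claim: token was not issued for a request that carried a nonce")
    elif nonce in seen_nonces:
        problems.append("nonce already submitted: log in again to get a fresh token")
    else:
        seen_nonces.add(nonce)  # remember it so a later replay is caught locally
    return problems


def _make_sample(claims: dict) -> str:
    """Build a constructed, unsigned sample token (the signature segment is a dummy)."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


# Constructed sample claims, not real tokens; the issuer URL is a placeholder.
DIRECT_GRANT_TOKEN = _make_sample({"iss": "https://idp.example/realms/demo", "sub": "u1"})
ID_TOKEN = _make_sample({"iss": "https://idp.example/realms/demo", "sub": "u1", "nonce": "n-7f3a"})

if __name__ == "__main__":
    seen = set()
    for name, tok in [("direct grant", DIRECT_GRANT_TOKEN), ("id token", ID_TOKEN), ("replayed", ID_TOKEN)]:
        print(name, "->", preflight(tok, seen) or "ok")
```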
