Joel Auterson asked

'Ignore nonce' field in OpenID Connect

I'm trying to log in to PlayFab using OpenID Connect. On token reuse, I get informed by PlayFab that "token nonce reuse is not permitted" - despite having the 'ignore nonce' field checked. What does this field actually do?

I note the other questions on this topic; however simply logging in again with the Epic identity provider is not possible due to the way the SDK interacts with launcher's exchange tokens, which are extremely short-lived.

Authentication

1 Answer

Gosen Gao answered

To reuse the token, you need to check "Ignore nonce" in your OpenId Connection setting and use an id token with "nonce" set to null. You can refer to Unity: Facebook Limited login - Playfab Community, which mentions this.

2 comments

Joel Auterson commented ·

Thanks for your response. Am I to understand then that 'ignore nonce' is actually 'allow nonce to be null' and is therefore only applicable when using an identity provider over which I have control of the token? This is not something that can be done with Epic.

0 Likes 0 ·
Gosen Gao replied to Joel Auterson ·

Yes, that's correct. Currently, you need to have control of the token to use "Ignore nonce". If Epic does not support giving developers control over tokens, then "Ignore nonce" may not work for you. You can post a feature request for LoginWithOpenID to support "Ignore nonce" without checking the nonce value in the Id token.

0 Likes 0 ·
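
An added illustration, not part of the thread and not PlayFab's implementation: it inspects an ID token's `nonce` claim and models the behaviour the answer and comments describe, where "Ignore nonce" only helps when the nonce is null. All names, the issuer URL and the sample tokens are constructed; treating an absent claim like a null one, and refusing a null nonce when the setting is off, are assumptions.

```python
import base64
import json

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token (header.payload.dummy-signature)."""
    header = b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    return f"{header}.{b64url(json.dumps(claims).encode())}.sig"

def read_claims(id_token: str) -> dict:
    """Decode the payload for inspection only; the signature is NOT verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(padded))

def nonce_state(id_token: str) -> str:
    """Report whether the provider issued a nonce: 'absent', 'null' or 'present'."""
    claims = read_claims(id_token)
    if "nonce" not in claims:
        return "absent"
    return "null" if claims["nonce"] is None else "present"

class ModelRelyingParty:
    """Hypothetical model of the login check described in the thread."""
    def __init__(self, ignore_nonce: bool):
        self.ignore_nonce = ignore_nonce
        self.seen = set()  # (issuer, nonce) pairs already used

    def login(self, id_token: str) -> str:
        claims = read_claims(id_token)
        nonce = claims.get("nonce")  # assumption: absent is treated like null
        if nonce is None:
            # Assumption: with the setting off, a nonce-less token is refused.
            return "accepted" if self.ignore_nonce else "rejected: nonce required"
        key = (claims.get("iss"), nonce)
        if key in self.seen:  # replay check still applies when a nonce is set
            return "rejected: nonce reuse"
        self.seen.add(key)
        return "accepted"

if __name__ == "__main__":
    tok = make_sample_token({"iss": "https://idp.example", "sub": "u1", "nonce": "abc123"})
    rp = ModelRelyingParty(ignore_nonce=True)
    print(nonce_state(tok), rp.login(tok), rp.login(tok))
```

Running `nonce_state` on a token from your identity provider shows whether "Ignore nonce" can apply to it at all.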
