Failed OIDC callback due to missing nonce in Keycloak


Jeffrey Heneine

Apr 27, 2023, 6:58:12 AM
to Keycloak User

I am currently facing an issue with the integration of ZOHO People API as Identity Provider (OIDC) in Keycloak. When attempting to make an identity provider OAuth callback, the following error message is displayed:

"Failed to make identity provider OAuth callback: org.keycloak.broker.provider.IdentityBrokerException: OpenID Provider [OIDC] did not return a nonce."

I have checked the Keycloak documentation and forums, but I have not found any solutions to this problem.

Could you please provide me with any insights or suggestions on how to resolve this issue? Additionally, if there are any further details that would be helpful in diagnosing the problem, please let me know.

Thank you for your assistance.

Schuster Sebastian (BD/PAU1)

Apr 27, 2023, 7:05:31 AM
to Jeffrey Heneine, Keycloak User

According to OIDC spec (https://openid.net/specs/openid-connect-core-1_0.html): “If present in the Authentication Request, Authorization Servers MUST include a nonce Claim in the ID Token with the Claim Value being the nonce value sent in the Authentication Request.”

According to the error message, your identity provider does not do this, so it is not compliant with the OIDC spec. You would have to ask them to fix this.

 

Best regards,

Sebastian

 

Best regards

Dr.-Ing. Sebastian Schuster

Product Area User Management (BD/PAU1)
Bosch.IO GmbH | Ullsteinstr. 128 | 12109 Berlin | GERMANY | www.bosch.io
Tel. +49 30 726112-485 | Mobile +49 152 02177668 | Fax +49 30 726112-100 | Sebastian...@bosch.io

Registered office: Berlin, Register court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Stefan Koss; Managing Directors: Dr. Andreas Nauerz, Stephan Lampel
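The nonce rule Sebastian quotes, shown as an added example that is not part of this thread and not Keycloak's own code: the relying party generates a random nonce, stores it in the login session, sends it in the authentication request, and after the callback verifies the ID token signature and only then checks that the echoed nonce claim is present and equal to the stored value. A token missing the claim produces the same kind of failure Jeffrey reports. The token builder stands in for the provider and signs with an HS256 demo secret (a constructed assumption so the example runs offline; real providers sign with RS256 keys published through JWKS), and the session dict and function names are hypothetical.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo secret: a real OpenID Provider signs ID tokens with an
# asymmetric key (RS256) and publishes the public half via its JWKS endpoint.
DEMO_SECRET = b"constructed-demo-secret"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_id_token(claims: dict, secret: bytes = DEMO_SECRET) -> str:
    """Stand-in for the provider: build an HS256-signed JWT with the given claims."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def verify_id_token(token: str, expected_nonce: str, secret: bytes = DEMO_SECRET) -> dict:
    """Relying-party side: verify the signature, then enforce the nonce rule."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed ID token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    # The spec rule: a nonce sent in the request MUST come back in the ID token.
    if "nonce" not in claims:
        raise ValueError("OpenID Provider did not return a nonce")
    if not hmac.compare_digest(str(claims["nonce"]).encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims


def start_authentication(session: dict) -> str:
    """Generate a fresh nonce, remember it in the login session, return it for the auth request."""
    nonce = secrets.token_urlsafe(32)
    session["oidc_nonce"] = nonce
    return nonce


def handle_callback(session: dict, id_token: str) -> dict:
    """Consume the stored nonce (one use only) and validate the returned ID token against it."""
    expected = session.pop("oidc_nonce", None)
    if expected is None:
        raise ValueError("no pending authentication for this session")
    return verify_id_token(id_token, expected)


def callback_outcome(session: dict, id_token: str) -> str:
    """Return 'ok' or the validation error text, for logging the broker result."""
    try:
        handle_callback(session, id_token)
        return "ok"
    except ValueError as exc:
        return str(exc)


if __name__ == "__main__":
    session = {}
    nonce = start_authentication(session)
    compliant = make_id_token({"iss": "https://idp.example", "sub": "user-1", "nonce": nonce})
    print("compliant provider:", callback_outcome(session, compliant))

    session = {}
    start_authentication(session)
    no_nonce = make_id_token({"iss": "https://idp.example", "sub": "user-1"})
    print("provider omitting nonce:", callback_outcome(session, no_nonce))
```

The nonce check runs only after the signature check, so the error message is never driven by an unsigned or tampered payload, and the stored nonce is popped on first use so a replayed callback cannot match it a second time.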

