[OAuth2][open_id_connect] report "Missing \"nonce\" in request." #11030

Open
opened 2025-11-02 09:25:38 -06:00 by GiteaMirror · 0 comments
Owner

Originally created by @PiggyRan on GitHub (Jun 15, 2023).

Description

When I using oauth2 to login via open_id_connect, the open_id server return an error like:
{
"error": "invalid_request",
"error_description": "Missing "nonce" in request."
}

Below is the url log:

When I GET url:
https://gitea.***.ai/user/oauth2/OpenID

It returns response like:
307 Temporary Redirect
with location:
https://sso..ai/oauth/authorize?client_id=****&redirect_uri=https%3A%2F%2Fgitea.xiaoyu.ai%2Fuser%2Foauth2%2FOpenID%2Fcallback&response_type=code&scope=openid&state=74343ad0-3474-4ec8-95a8-c63831b6f963

However, when the gitlab use the same open_id server, it returns location like this:
https://sso..ai/oauth/authorize?client_id=&nonce=d0c7dae4*6302a2f2c287fbacc&redirect_uri=https%3A%2F%2Fgitlab.xiaoyu.ai%2Fusers%2Fauth%2Fopenid_connect%2Fcallback&response_type=code&scope=openid%20profile%20email&state=6db86cf2cca5f81403d1f67ac8656658

the location of gitea missed the parameter: nonce

Gitea Version

1.19.3

Can you reproduce the bug on the Gitea demo site?

No

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

I run the gitea via docker image gitea/gitea:1.19.3

Database

MySQL

Originally created by @PiggyRan on GitHub (Jun 15, 2023). ### Description When I using oauth2 to login via open_id_connect, the open_id server return an error like: { "error": "invalid_request", "error_description": "Missing \"nonce\" in request." } Below is the url log: When I GET url: https://gitea.***.ai/user/oauth2/OpenID It returns response like: 307 Temporary Redirect with location: https://sso.***.ai/oauth/authorize?client_id=*******&redirect_uri=https%3A%2F%2Fgitea.xiaoyu.ai%2Fuser%2Foauth2%2FOpenID%2Fcallback&response_type=code&scope=openid&state=74343ad0-3474-4ec8-95a8-c63831b6f963 However, when the gitlab use the same open_id server, it returns location like this: https://sso.***.ai/oauth/authorize?client_id=******&nonce=d0c7dae4****6302a2f2c287fbacc&redirect_uri=https%3A%2F%2Fgitlab.xiaoyu.ai%2Fusers%2Fauth%2Fopenid_connect%2Fcallback&response_type=code&scope=openid%20profile%20email&state=6db86cf2cca5f81403d1f67ac8656658 the location of gitea missed the parameter: **nonce** ### Gitea Version 1.19.3 ### Can you reproduce the bug on the Gitea demo site? No ### Log Gist _No response_ ### Screenshots _No response_ ### Git Version _No response_ ### Operating System _No response_ ### How are you running Gitea? I run the gitea via docker image gitea/gitea:1.19.3 ### Database MySQL
GiteaMirror added the type/bug label 2025-11-02 09:25:38 -06:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#11030