by adaml_623 676 days ago
Talk to me about this, "Since the nonce will already have been consumed by the first request, the second request will be rejected."

What if the nonce was still valid for the second response because your server detected that the connection was dropped for the first response?

2 comments

That's an interesting possible solution if you're in control of the server. If you're using a third-party vendor like Auth0 to handle the redirect callback, then of course you're beholden to their implementation.

In Auth0's case, it appears the nonce is consumed early in the handling of the callback. In my correspondence with them, I confirmed that they do see that the first request is aborted (in the form of a log), but they take no action as a consequence.

The server can't reliably detect that.
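The single-use nonce behaviour the thread is debating, as an added example that is not part of any comment above and is not Auth0's code: an in-memory store where `consume()` is an atomic pop under a lock, and a callback handler that consumes the nonce before doing any other work, so a callback that is aborted after the nonce is spent and then resent is rejected on the retry. The store, the handler, the `ttl_seconds`/`clock` parameters and the sample callback parameters are all constructed for illustration. It deliberately does not implement the "keep the nonce valid if the first connection dropped" variant, since the last reply's point is that the server has no reliable signal to act on.

```python
import secrets
import threading
import time


class NonceStore:
    """In-memory single-use nonce store (constructed example, not Auth0's code).

    A nonce is valid for exactly one consume() call within its TTL. The pop
    under a lock makes consumption atomic, so two callbacks carrying the same
    nonce cannot both succeed, whatever order they arrive in.
    """

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._lock = threading.Lock()
        self._expiry_by_nonce = {}  # nonce -> absolute expiry time
        self._ttl = ttl_seconds
        self._clock = clock  # injectable so tests can advance time

    def issue(self):
        """Mint a fresh, unguessable nonce and remember when it expires."""
        nonce = secrets.token_urlsafe(32)
        with self._lock:
            self._expiry_by_nonce[nonce] = self._clock() + self._ttl
        return nonce

    def consume(self, nonce):
        """Return True exactly once for a live nonce; False if unknown, used or expired."""
        with self._lock:
            expiry = self._expiry_by_nonce.pop(nonce, None)
        return expiry is not None and self._clock() <= expiry

    def sweep(self):
        """Drop expired nonces so the store does not grow without bound."""
        now = self._clock()
        with self._lock:
            stale = [n for n, exp in self._expiry_by_nonce.items() if exp < now]
            for n in stale:
                del self._expiry_by_nonce[n]
        return len(stale)


def handle_callback(store, params):
    """Process a redirect callback.

    The nonce is consumed first, before any other processing, so a retried or
    replayed callback is rejected even if the original request was aborted
    part-way through and the client never saw a response.
    """
    nonce = params.get("nonce")
    if not nonce or not store.consume(nonce):
        return {"status": 400, "error": "invalid_or_reused_nonce"}
    # Code exchange, session establishment, etc. would follow here (omitted).
    return {"status": 200, "code": params.get("code")}


def simulate_aborted_then_retried(store):
    """Replay the thread's scenario: the browser sends the callback, the
    connection drops after the nonce is spent, and the same callback is resent."""
    nonce = store.issue()
    params = {"nonce": nonce, "code": "constructed-auth-code"}  # constructed sample input
    first = handle_callback(store, params)   # nonce consumed; reply lost on the wire
    second = handle_callback(store, params)  # retry arrives carrying the spent nonce
    return first["status"], second["status"]


if __name__ == "__main__":
    print(simulate_aborted_then_retried(NonceStore()))  # (200, 400)
```

Because consumption happens before anything else, the outcome of the second request does not depend on how far the first one got before the connection dropped, which is the "consumed early in the handling of the callback" behaviour described above.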