Description
Describe the bug
After the user has logged in the client receives the correct access token which works when being used with the backend. The library correctly reports a failing nonce check.
Stackblitz example
I don't have a Stackblitz example but here are the relevant repositories:
- Docker-Compose: https://gitlab.com/geocollab/compose (main branch)
- Backend: https://gitlab.com/geocollab/geocollabserver (development branch)
- Frontend: https://gitlab.com/geocollab/geocollabweb (main branch)
To Reproduce
Steps to reproduce the behavior:
- Build the Backend and Frontend
- Start the devel compose
- Accept the incorrect certificate errors on all three services in the web browser
- Set the password in Casdoor for the
testuser - Try logging into the frontend
Expected behavior
I would expect the login to work since I can see that
Desktop (please complete the following information):
- OS: openSUSE Tumbleweed
- Browser: Chrome & Firefox
- Version: Latest in Tumbleweed
- Angular 18 with Material
Additional context
My authentication service is taken over from the example implementation of jeroenheijmans. If the network requests are closely monitored, one can see that the library takes the nonce from the state. I don't know if this is an incorrect Casdoor behavior but in the Casdoor UI under "Tokens" I can see that the Nonce is the one that is printed in the error message. As such it seems that all data is present but somewhere there is a mixup of nonce and state. I am unsure how to debug this mixup and if this is configuration or code-related.