Generate a cryptographic nonce for SSO id_token verification

POST /api/v2/oauth/{identityProvider}/nonce

The nonce is stored server-side in Redis and must be included as the nonce parameter in the IdP authorization URL. The IdP embeds it in the signed id_token, which lets the server verify that the token was issued for this specific login attempt and prevents replay attacks.

Path Parameters

  • identityProvider string required
    The identity provider, such as msEntra or okta
    Enum: msEntra, okta

Request Body

username string required
The email address or username of the user initiating SSO login. Used to bind the nonce to a specific user.

200 Response

nonce string required
A cryptographically random nonce to include in the IdP authorization URL.

400 Response

name string
Error code
context object required
Properties that apply to a specific error name
error string required
Human-readable error message
requestId string required
Client request id
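
The nonce lifecycle described at the top of this page, together with the username binding from the request body, as an added Python example (not this API's implementation). A dict stands in for Redis; the five-minute TTL, the `email` claim used for the username binding, and the names `NonceStore`, `consume` and `authorization_url` are assumptions. `consume` expects the claims of an id_token whose signature has already been verified.

```python
import secrets
import time
from urllib.parse import urlencode

NONCE_TTL_SECONDS = 300  # assumed lifetime; the page does not state one


class NonceStore:
    """In-memory stand-in for the server-side Redis store (illustrative)."""

    def __init__(self, clock=time.time):
        self._entries = {}  # nonce -> (username, expiry timestamp)
        self._clock = clock

    def issue(self, username):
        nonce = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._entries[nonce] = (username.lower(), self._clock() + NONCE_TTL_SECONDS)
        return nonce

    def consume(self, claims, username_claim="email"):
        """Check the nonce claim of a signature-verified id_token, once."""
        token_nonce = claims.get("nonce")
        if not isinstance(token_nonce, str):
            return False
        # pop() makes the nonce single use: a replayed token finds nothing.
        entry = self._entries.pop(token_nonce, None)
        if entry is None:
            return False
        username, expiry = entry
        if self._clock() > expiry:
            return False
        # The token must belong to the user the nonce was issued for.
        return str(claims.get(username_claim, "")).lower() == username


def authorization_url(authorize_endpoint, client_id, redirect_uri, nonce, state):
    """Build an OIDC authorization URL carrying the nonce parameter."""
    query = urlencode({
        "response_type": "code",
        "scope": "openid email",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "state": state,
        "nonce": nonce,
    })
    return f"{authorize_endpoint}?{query}"
```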