Remove the nonce check in handleRedirectCallback (#678)

auth0 · Dec 17, 2020 · ae9c4ad · ae9c4ad
1 parent f7bab4c
commit ae9c4ad
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/src/Auth0Client.ts b/src/Auth0Client.ts
@@ -497,8 +497,8 @@ export default class Auth0Client {
 
     const transaction = this.transactionManager.get();
 
-    // Transaction should have a `code_verifier` to do PKCE and a `nonce` for CSRF protection
-    if (!transaction || !transaction.code_verifier || !transaction.nonce) {
+    // Transaction should have a `code_verifier` to do PKCE for CSRF protection
+    if (!transaction || !transaction.code_verifier) {
       throw new Error('Invalid state');
     }