It's a carry over from the first post. What is happening is I'm trying to access Args.Token.Claims.Items['nonce'] in OnConfigureToken, which I think may have worked for IdToken, but as it's generating access_token on the 1st round and that does not have nonce, it bombs out.
Can Args.Token.Claims generally be accessed there, in OnConfigureToken?
Is there a way to know if it's building access_ or id_token when OnConfigureToken is called?
Is there any way in OnConfigureToken to get to the nonce without accessing Args.Token.Claims?
Yes, Args.Token.Claims can be accessed there, but of course, if such claim does not exist, an exception will be raised.
It's always safer to check if the claim exist before trying to access it, using Args.Token.Claims.Exists(ClaimName) or Args.Token.Claims.Find(ClaimName) which returns nil if no claim exists.
Yes:
if Args.Token.TokenType = TokenTypes.AccessToken then
...
else
if Args.Token.TokenType = TokenTypes.IdentityToken then
...
Easiest way is to access Args.Token.Claims, the nonce value will be there if a nonce value exists. If the claim is not there, it means nonce is an empty string.