Description
Hello,
I have recently upgraded my project to Angular v14 and oidc package to 14.0.1. I am using a combination of Password and Code flows in my project. The configuration I use is as follows:
{
  issuer: '<Domain>',
  redirectUri: '<Redirect URL>',
  clientId: '<Client Id>',
  tokenEndpoint: '<Token URL>',
  loginUrl: '<Authorize URL>',
  useSilentRefresh: false,
  responseType: 'code',
  scope: 'openid profile offline_access <some more custom scopes>',
}
I started experiencing the following error after I upgraded my project to v14.0.1 when calling fetchTokenUsingPasswordFlow():
ERROR Error: Uncaught (in promise): Wrong nonce: undefined
In the Developer console, there is a warning right before the error:
Wrong nonce: undefined
processIdToken
(anonymous)
...
After looking at the source code, I found out that the error is coming from the following chain of method calls:
oauth-service.ts:824 > fetchTokenUsingPasswordFlow():833 > fetchTokenUsingGrant():903 > processIdToken():2240
It seems like the skipNonceCheck parameter of the processIdToken() method is not set. I'm not quite sure whether we need nonce for Password grant, but looking at line 971 where processIdToken() is used for refresh_token grant, the skipNonceCheck parameter is set to true.
Is this a bug or am I missing any configuration?
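
Added example, not part of the original report and not angular-oauth2-oidc code: in OpenID Connect the nonce is sent in the authorization request and echoed back in the ID token, and the password grant has no such request, so its ID token normally carries no nonce claim. The sketch below scopes the nonce check by grant type instead of skipping it everywhere; all function names, the sample tokens and the handling of an unexpected nonce are assumptions of this example.

```javascript
// Added example; every name below is hypothetical, not the library's API.

// Build an unsigned, constructed ID token so the example runs offline.
function makeIdToken(claims) {
  const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return [b64url({ alg: 'none' }), b64url(claims), ''].join('.');
}

// Read the claims; signature validation is a separate step not shown here.
function decodeClaims(idToken) {
  return JSON.parse(Buffer.from(idToken.split('.')[1], 'base64').toString('utf8'));
}

// Grants that start with an authorization request, where a nonce is sent.
const NONCE_BOUND_GRANTS = new Set(['authorization_code']);

// savedNonce: what the client stored before redirecting (undefined if it never did).
function checkNonce(idToken, grantType, savedNonce) {
  const { nonce } = decodeClaims(idToken);
  if (NONCE_BOUND_GRANTS.has(grantType)) {
    // Never skipped here: the nonce ties the ID token to this browser session.
    return savedNonce !== undefined && nonce === savedNonce
      ? { ok: true }
      : { ok: false, error: 'Wrong nonce: ' + nonce };
  }
  // password / refresh_token: no authorization request, so nothing to echo.
  // Choice made by this example: a nonce that shows up anyway must match.
  if (nonce !== undefined && nonce !== savedNonce) {
    return { ok: false, error: 'Wrong nonce: ' + nonce };
  }
  return { ok: true };
}

// Constructed sample tokens.
const codeFlowToken = makeIdToken({ sub: 'alice', nonce: 'n-0S6_WzA2Mj' });
const passwordToken = makeIdToken({ sub: 'alice' }); // no nonce claim

function demo() {
  return {
    codeOk: checkNonce(codeFlowToken, 'authorization_code', 'n-0S6_WzA2Mj'),
    codeMismatch: checkNonce(codeFlowToken, 'authorization_code', 'other-nonce'),
    // Treating a password-grant token like a code-flow token gives the reported message.
    passwordAsCode: checkNonce(passwordToken, 'authorization_code', 'other-nonce'),
    password: checkNonce(passwordToken, 'password', undefined),
  };
}
console.log(demo());
```

The `codeMismatch` case is the reason a skip flag should be limited to grants that never sent a nonce: for the code flow a mismatch still has to be rejected.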