When using Temporal UI OIDC auth with Clerk, login redirects to Clerk successfully, but the callback to /auth/sso/callback fails with HTTP 400 and response:
{"message":"Nonce did not match"}
I am hosting Temporal on a Railway service.
To Reproduce
- Configure Temporal UI auth with Clerk OIDC.
- Visit Temporal UI and click login.
- Redirect goes to Clerk authorize/sign-in.
- After successful sign-in, Clerk redirects back to:
/auth/sso/callback?code=...&state=...
- Callback returns 400 with Nonce did not match.
Observed request flow
- /auth/sso?... sets state and nonce cookies and redirects to Clerk authorize endpoint.
- Clerk returns to
/auth/sso/callback?code=...&state=....
- Callback request includes matching state and nonce cookies.
- Server still rejects with nonce mismatch.
Set env vars
TEMPORAL_ADDRESS="server:7233"
TEMPORAL_AUTH_CALLBACK_URL="https://xxx.up.railway.app/auth/sso/callback"
TEMPORAL_AUTH_CLIENT_ID="xxx"
TEMPORAL_AUTH_CLIENT_SECRET="xxx"
TEMPORAL_AUTH_ENABLED="true"
TEMPORAL_AUTH_PROVIDER_URL="https://xxx.clerk.accounts.dev"
TEMPORAL_DEFAULT_NAMESPACE="my-app"
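
In OIDC the nonce sent on the authorize request comes back as the `nonce` claim of the ID token, so a callback can reject even when the browser returns the same nonce cookie it was given. The sketch below is an added triage example, not part of the original report or of Temporal's code: it separates "claim missing" from "claim differs". It assumes the callback compares the nonce cookie with the ID token claim; `checkNonce` and `fakeToken` are hypothetical helpers, and the tokens are unsigned, constructed samples.

```go
package main

import (
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// checkNonce decodes the ID token payload and compares its "nonce" claim with
// the nonce cookie value. Diagnostic only: the signature is NOT verified here.
func checkNonce(idToken, cookieNonce string) string {
	parts := strings.Split(idToken, ".")
	if len(parts) != 3 {
		return "unreadable token: not a compact JWT"
	}
	payload, err := base64.RawURLEncoding.DecodeString(parts[1])
	if err != nil {
		return "unreadable token: " + err.Error()
	}
	var claims struct {
		Nonce *string `json:"nonce"` // pointer distinguishes absent from empty
	}
	if err := json.Unmarshal(payload, &claims); err != nil {
		return "unreadable token: " + err.Error()
	}
	switch {
	case claims.Nonce == nil:
		return "token has no nonce claim"
	case *claims.Nonce != cookieNonce:
		return "nonce claim differs from cookie"
	}
	return "match"
}

// fakeToken builds an unsigned, constructed sample token for the demo.
func fakeToken(claims map[string]any) string {
	b, _ := json.Marshal(claims)
	enc := base64.RawURLEncoding.EncodeToString
	return enc([]byte(`{"alg":"none"}`)) + "." + enc(b) + ".sig"
}

func main() {
	c := "n-constructed-123" // constructed sample cookie value
	fmt.Println(checkNonce(fakeToken(map[string]any{"sub": "u1", "nonce": c}), c))
	fmt.Println(checkNonce(fakeToken(map[string]any{"sub": "u1"}), c))
}
```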