[Guacamole] Rejected OpenID Token

[CrazyWolf13]

Describe the bug
Hi
I've set upt TOPT on my guacamole account.

Then I've setup Authentik auth, while disabling TOPT, this works fine.

After enabling TOPT again, and logging in, I get first redirected to authentik, log in, weirdly get a TOPT request, I enter the code, I get an error:

Jun 16 22:22:48 guacamole tomcat9[188]: 22:22:48.150 [http-nio-8080-exec-8] INFO  o.a.g.r.auth.AuthenticationService - User "XXXX" successfully authenticated from [192.168.1.200, 10.10.20.13].
Jun 16 22:22:53 guacamole tomcat9[188]: 22:22:53.477 [http-nio-8080-exec-10] INFO  o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with invalid/old nonce.

To Reproduce
Steps to reproduce the behavior:

1. Enable Authentik loging method on guacamole
2. Also enable TOPT, so when not using authentik, I can still sign in with TOPT and user/password, as failproof.
3. End up in an auth loop or auth error.

Expected behavior
Well I expect not to get a rejected OpenID Token.

Screenshots

Logs

Jun 16 22:22:48 guacamole tomcat9[188]: 22:22:48.150 [http-nio-8080-exec-8] INFO  o.a.g.r.auth.AuthenticationService - User "XXXX" successfully authenticated from [192.168.1.200, 10.10.20.13].
Jun 16 22:22:53 guacamole tomcat9[188]: 22:22:53.477 [http-nio-8080-exec-10] INFO  o.a.g.a.o.t.TokenValidationService - Rejected OpenID token with invalid/old nonce.

Version and Deployment (please complete the following information):

• authentik version: 2024.4.2
• Deployment: [Docker-Compose]

[CrazyWolf13]

Was indeed an upstream issue on Guacamole -> https://issues.apache.org/jira/browse/GUACAMOLE-1780