aspnetcore: OIDC Infinite Loop

Hi, I mentioned a problem with the authorization header here: https://github.com/dotnet/aspnetcore/issues/26604#issuecomment-703767331

If I manipulate the header and the authorization works, I get an infinite loop. The login is called, I authorize with German nPA, RedeemAuthorizationCodeAsync is triggered, the Callback URL is called and the OpenIdConnect Handler jumps back to the login from which the loop repeats again.

This is how I use it:


`   public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.AddAuthentication(options => {
           options.DefaultScheme =  CookieAuthenticationDefaults.AuthenticationScheme;
             
            options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
        })

        .AddCookie("auth1")
        
        .AddOpenIdConnect(o =>
   {
       o.ClientId = "...";
       
       o.ClientSecret = "...";
       o.SignInScheme="auth1";   
     
       
       o.Authority = "https://....";

       o.ResponseType = "code";
 
       o.CallbackPath = new PathString("/Home/Response");


        o.Scope.Clear();
        o.Scope.Add("openid");`

Not using Cookies will result in an Exception. Is it a problem with the cookie Authentication so that the login is called again? I test with localhost on Mac OS that shouldn’t be the problem…

Regards,

Dirk

About this issue

  • Original URL
  • State: closed
  • Created 4 years ago
  • Comments: 23 (11 by maintainers)

Most upvoted comments

No stupid questions, only stupid computers 😁.

+1
Tratcher on Oct 20, 2020
Read more comments on GitHub
← aspnetcore: [OIDC] - Failed to authenticate - Regression after upgrading to .NET 7
aspnetcore: On Linux, failing to bind the address on Start generates a coredump →