DuendeSoftware / IdentityServer

The most flexible and standards-compliant OpenID Connect and OAuth 2.x framework for ASP.NET Core
https://duendesoftware.com/products/identityserver

Raise an error if the idp doesn't match the requested idp #1517

Open josephdecock opened 9 months ago

josephdecock commented 9 months ago

If the client sends a bad/misconfigured/changed idp value, we should give some kind of error rather than redirecting to the login page forever.

Perhaps we should add a virtual method to the interaction response generator so that implementers can customize this more easily.

See https://github.com/DuendeSoftware/Support/issues/1095

brockallen commented 9 months ago

IIRC we currently emit a log entry indicating that this is the reason for redirecting back to login.

josephdecock commented 9 months ago

Yes, we do have an info log:

Logger.LogInformation("Showing login: Current IdP ({currentIdp}) is not the requested IdP ({idp})", currentIdp, idp);
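Added example, not part of the thread and not Duende's code: a log check that flags the redirect loop described above by counting how often the quoted info message repeats for the same current/requested IdP pair in a short window. The timestamp prefix, the unquoted rendering of the values, the threshold, the window and the sample lines are all assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Rendered form of the message template quoted in the thread.
# Assumption: values are rendered without quotes and contain no ")".
MISMATCH = re.compile(
    r"Showing login: Current IdP \((?P<current>[^)]*)\) "
    r"is not the requested IdP \((?P<requested>[^)]*)\)"
)
# Assumption: every log line starts with an ISO-8601 timestamp.
TIMESTAMP = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})")


def find_login_loops(lines, threshold=3, window=timedelta(seconds=30)):
    """Return {(current, requested): peak hits} for pairs reaching threshold within window."""
    recent = defaultdict(deque)  # sliding window of timestamps per IdP pair
    loops = {}
    for line in lines:
        ts = TIMESTAMP.match(line)
        hit = MISMATCH.search(line)
        if not ts or not hit:
            continue
        when = datetime.fromisoformat(ts.group(1))
        key = (hit["current"], hit["requested"])
        q = recent[key]
        q.append(when)
        while when - q[0] > window:  # drop hits that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            loops[key] = max(loops.get(key, 0), len(q))
    return loops


# Constructed sample: one isolated mismatch pair, then a tight loop on a mistyped idp.
SAMPLE_LOG = """\
2024-01-10T09:00:00 [INF] Showing login: Current IdP (local) is not the requested IdP (aad)
2024-01-10T09:00:40 [INF] Showing login: Current IdP (local) is not the requested IdP (aad)
2024-01-10T09:05:00 [INF] Showing login: Current IdP (local) is not the requested IdP (typo-idp)
2024-01-10T09:05:01 [INF] Showing login: Current IdP (local) is not the requested IdP (typo-idp)
2024-01-10T09:05:02 [INF] Some other message
2024-01-10T09:05:03 [INF] Showing login: Current IdP (local) is not the requested IdP (typo-idp)
2024-01-10T09:05:04 [INF] Showing login: Current IdP (local) is not the requested IdP (typo-idp)
""".splitlines()

if __name__ == "__main__":
    for (current, requested), hits in find_login_loops(SAMPLE_LOG).items():
        print(f"possible login loop: {current} -> {requested} ({hits} hits)")
```

A single mismatch is expected when a user legitimately has to switch providers, which is why the check only reports repeated hits for the same pair.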