DuendeSoftware / Samples

Samples for our Products

Correlation Cookie Problem #122

Closed galvesribeiro closed 1 year ago

galvesribeiro commented 1 year ago

Hello!

We're getting Correlation failed and sometimes '{CorrelationCookieName}' cookie not found.

```
System.Exception: An error was encountered while handling the remote login.
 ---> System.Exception: Correlation failed.
   --- End of inner exception stack trace ---
   at Microsoft.AspNetCore.Authentication.RemoteAuthenticationHandler`1.HandleRequestAsync()
   at Duende.IdentityServer.Hosting.FederatedSignOut.AuthenticationRequestHandlerWrapper.HandleRequestAsync() in /_/src/IdentityServer/Hosting/FederatedSignOut/AuthenticationRequestHandlerWrapper.cs:line 52
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 48
   at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 28
   at <REDACTED>.JWKSResponseHeaderMiddleware.Invoke(HttpContext context) in /home/vsts/work/1/s/src/<REDACTED>.Host/JWKCacheMiddleware.cs:line 28
   at Program.<>c.<<<Main>$>b__0_21>d.MoveNext() in /home/vsts/work/1/s/src/<REDACTED>.Host/Program.cs:line 308
--- End of stack trace from previous location ---
   at <REDACTED>.ExceptionHandlerMiddleware.Invoke(HttpContext context) in /home/vsts/work/1/s/src/<REDACTED>/ExceptionHandlerMiddleware.cs:line 27
```

The authentication is configured as follows:

```csharp
builder.Services.AddAuthentication()
    .AddApple(opt =>
    {
        builder.Configuration.Bind($"{Constants.APP_NAME}:Apple", opt);
        opt.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;

        opt.PrivateKey = (keyId, ct) =>
        {
            var privateKey = builder.Configuration[$"{Constants.APP_NAME}:Apple:PrivateKey"]!.ToString();

            return Task.FromResult(privateKey.AsMemory());
        };

        opt.GenerateClientSecret = true;
    })
    .AddGoogle(opt =>
    {
        builder.Configuration.Bind($"{Constants.APP_NAME}:Google", opt);
        opt.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
    })
    .AddFacebook(opt =>
    {
        builder.Configuration.Bind($"{Constants.APP_NAME}:Facebook", opt);
        opt.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
    });
```

And Identity Server like this:

```csharp
builder.Services.AddIdentityServer(options =>
{
    options.LicenseKey = builder.Configuration[$"{Constants.APP_NAME}:LicenseKey"];
})
.UseCustomGrants()
.AddOperationalStore()
.AddConfigurationStore()
.AddConfigurationStoreCache()
.AddAspNetIdentity<CIIdentity>();
```

Can you guys spot what we are missing in regards to the configuration? There is no cookie-specific configuration in our code, so it should all be whatever is the default. We also noticed that it happens way more often with Google sign-in than with Facebook or Apple.

That is essentially preventing people from authenticating.

Identity Server: 6.2.0, .NET: 7

Thank you! I really appreciate any insights.
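
One way to gather evidence on the failures reported above, as an added example that is not part of the original issue or of Duende's code: hook `OnRemoteFailure` on the Google handler and log whether any correlation cookie reached the callback. It assumes the `builder` from the post and the default `Google` scheme name; the logger category `ExternalLoginDiagnostics` is a made-up name.

```csharp
// Added diagnostic example (not from the issue). Assumes the `builder` shown in
// the post and the default "Google" scheme; register it before builder.Build().
// The using directive belongs at the top of Program.cs.
using Microsoft.AspNetCore.Authentication.Google;

builder.Services.PostConfigure<GoogleOptions>(GoogleDefaults.AuthenticationScheme, opt =>
{
    // Keep whatever handler is already registered so behaviour is unchanged.
    var next = opt.Events.OnRemoteFailure;

    opt.Events.OnRemoteFailure = async ctx =>
    {
        // Hypothetical logger category, chosen for this example.
        var log = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>()
            .CreateLogger("ExternalLoginDiagnostics");

        // Correlation cookie names start with the prefix configured on the handler.
        var prefix = ctx.Options.CorrelationCookie.Name ?? string.Empty;
        var correlationCookies = ctx.Request.Cookies.Keys
            .Count(name => name.StartsWith(prefix, StringComparison.Ordinal));

        // Log counts and request metadata only, never cookie values or the state parameter.
        log.LogWarning(ctx.Failure,
            "Remote login failed. authScheme={AuthScheme} correlationCookies={CorrelationCookies} " +
            "totalCookies={TotalCookies} requestScheme={RequestScheme} host={Host} userAgent={UserAgent}",
            ctx.Scheme.Name,
            correlationCookies,
            ctx.Request.Cookies.Count,
            ctx.Request.Scheme,
            ctx.Request.Host.Value,
            ctx.Request.Headers.UserAgent.ToString());

        // Fall through to the previous handler; the original exception still surfaces.
        await next(ctx);
    };
});
```

A `correlationCookies` count of zero means the browser returned no correlation cookie to the callback, and the logged request scheme and host show what the application saw for that request.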