When the authorize endpoint is called with max_age=0 parameter it is copied to the callback returnUrl. So after successful login the user is redirected to the login page again (with the max_age parameter again in the returnUrl).
To Reproduce
Call authorize endpoint with max_age=0
Expected behavior
User logs-in and max age is not checked on callback.
Versions used
Describe the bug
When the authorize endpoint is called with
max_age=0
parameter it is copied to the callback returnUrl. So after successful login the user is redirected to the login page again (with the max_age parameter again in the returnUrl).To Reproduce
Call authorize endpoint with
max_age=0
Expected behavior
User logs-in and max age is not checked on callback.
Proposed solution - see the pull request