DuendeSoftware / Support

Support for Duende Software products

Dynamic provider redirects back to login #1319

Open computaserik opened 1 week ago

computaserik commented 1 week ago

Which version of Duende IdentityServer are you using?

Version 7

Which version of .NET are you using?

.NET 8

Describe the bug

I'm trying to implement dynamic providers, but can't make it work. I get redirected to the provider, log in and am redirected back to the callback with the user from the provider. Here I create an IdentityServer user and call HttpContext.SigninAsync. After this, I am redirected to /connect/authorize. At this point I want to be redirected back to the client application with a user, but instead I'm redirected to the IdentityServer login page. From here, I can select the provider and log in in an infinite loop. I tried to follow the implementation in the sample, but when I debug into AuthenticateAsync in DefaultUserSession, the handler returns "No Principal.". The implementation is also similar to a working static provider in the same application. The external provider is Azure Entra in both cases.

Speaking of the sample: I tried running it locally after changing from SQLite to SQL Server, but the login kind of fails there too. If I try to authenticate with the dynamic provider, I get redirected to the callback, but then back to the login site where the dynamic option is gone (?!). Then, if I log in with user name and password, I get sent back to the client, but the idp in the token is the dynamic provider.

Any hints on what I'm doing wrong?

To Reproduce

Log in with a dynamic provider

Expected behavior

Redirect back to the client application with a logged in user

Actual behavior

Redirect to the login page

RolandGuijt commented 4 days ago

We need more information to figure out what is going wrong. Can you please post a network trace using the browser development tools so we can see where the redirects go and which cookies are set? When using Chrome please check the "Preserve log" checkbox to see all the hops. In other browsers there should be something similar.

computaserik commented 3 days ago

Here is a trace from trying to log in. I omitted some cookies and tokens, as well as some large responses, with "[omitted]". Let me know if you need any of the omitted values. signin.txt

RolandGuijt commented 18 hours ago

Thank you for your trace file. It seems that the callback request from the dynamic external provider isn't setting cookies. Can you please verify if HttpContext.SigninAsync is really called and executed correctly?
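
The redirect-and-cookie check discussed in this thread can be run over a HAR export of the browser's network log. The script below is an added example, not part of the thread or of Duende's code; the sample trace and its hosts, paths and cookie names are constructed assumptions.

```python
import json

def _hop(method, url, status, location, set_cookie=None):
    """Build one constructed HAR entry (only the fields this script reads)."""
    headers = [{"name": "Location", "value": location}]
    if set_cookie:
        headers.append({"name": "Set-Cookie", "value": set_cookie})
    return {"request": {"method": method, "url": url},
            "response": {"status": status, "headers": headers}}

# Constructed sample trace; hosts, paths and cookie names are assumptions.
SAMPLE_HAR = json.dumps({"log": {"entries": [
    _hop("GET", "https://ids.example/connect/authorize?client_id=app", 302, "/Account/Login"),
    _hop("GET", "https://ids.example/ExternalLogin/Challenge?scheme=dyn", 302,
         "https://login.example/authorize", ".AspNetCore.Correlation.abc=N; path=/; secure"),
    _hop("POST", "https://ids.example/federation/dyn/signin", 302,
         "/ExternalLogin/Callback", "idsrv.external=[omitted]; path=/; secure; httponly"),
    _hop("GET", "https://ids.example/ExternalLogin/Callback", 302, "/connect/authorize/callback"),
    _hop("GET", "https://ids.example/connect/authorize/callback", 302, "/Account/Login"),
]}})

def _values(headers, name):
    return [h["value"] for h in headers if h["name"].lower() == name]

def trace_hops(har_text):
    """Return one record per request: status, redirect target, cookie names set."""
    hops = []
    for entry in json.loads(har_text)["log"]["entries"]:
        headers = entry["response"]["headers"]
        # A single header value may carry several cookies on separate lines.
        cookies = [line.split("=", 1)[0].strip()
                   for value in _values(headers, "set-cookie")
                   for line in value.splitlines() if "=" in line]
        target = _values(headers, "location")
        hops.append({"method": entry["request"]["method"],
                     "url": entry["request"]["url"],
                     "status": entry["response"]["status"],
                     "location": target[0] if target else None,
                     "cookies_set": cookies})
    return hops

def redirects_without_cookies(hops, path_fragment):
    """Redirect responses on the given path that set no cookie at all."""
    return [h for h in hops if path_fragment in h["url"]
            and 300 <= h["status"] < 400 and not h["cookies_set"]]

if __name__ == "__main__":
    for h in trace_hops(SAMPLE_HAR):
        print(h["status"], h["method"], h["url"], "->", h["location"], h["cookies_set"])
```

Redact cookie and token values in a real export before sharing it; the script only needs cookie names.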