Open computaserik opened 1 week ago
We need more information to figure out what is going wrong. Can you please post a network trace using the browser development tools so we can see where the redirects go and which cookies are set? When using Chrome please check the "Preserve log" checkbox to see all the hops. In other browsers there should be something similar.
Here is a trace from trying to log in. I omitted some cookies and tokens, as well as some large responses, with "[omitted]". Let me know if you need any of the omitted values. signin.txt
Thank you for your trace file.
It seems that the callback request from the dynamic external provider isn't setting cookies. Can you please verify if HttpContext.SigninAsync is really called and executed correctly?
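The check described above (which hop in the redirect chain sets which cookies) can be run over a HAR export of the same browser trace. This is an added example, not part of the thread or of IdentityServer; the host, the paths other than /connect/authorize, and the cookie name in the sample are constructed. It reports cookie names only, so the output can be posted without leaking session values.

```python
from urllib.parse import urlsplit

def set_cookie_names(response):
    """Names (never values) of the cookies set by one HAR response object."""
    names = []
    for header in response.get("headers", []):
        if header["name"].lower() != "set-cookie":
            continue
        # Some exporters join several Set-Cookie headers with newlines.
        for line in header["value"].split("\n"):
            name = line.split("=", 1)[0].strip()
            if name:
                names.append(name)
    return names

def cookie_trail(har):
    """One row per request: (status, path, cookie names set, redirect target path)."""
    trail = []
    for entry in har["log"]["entries"]:
        resp = entry["response"]
        target = resp.get("redirectURL") or ""
        trail.append((resp["status"], urlsplit(entry["request"]["url"]).path,
                      set_cookie_names(resp), urlsplit(target).path))
    return trail

def redirects_without_cookies(har, path_fragment):
    """Redirect hops whose path contains path_fragment and that set no cookie."""
    frag = path_fragment.lower()
    return [row for row in cookie_trail(har)
            if 300 <= row[0] < 400 and frag in row[1].lower() and not row[2]]

def _entry(url, status, location, cookies=()):
    """Build one constructed HAR entry for the sample below."""
    headers = [{"name": "Location", "value": location}]
    headers += [{"name": "Set-Cookie", "value": c} for c in cookies]
    return {"request": {"method": "GET", "url": url},
            "response": {"status": status, "headers": headers, "redirectURL": location}}

# Constructed sample reproducing the loop: the callback hop sets no cookie.
BASE = "https://idp.example"
SAMPLE_HAR = {"log": {"entries": [
    _entry(BASE + "/connect/authorize?client_id=demo", 302, BASE + "/login"),
    _entry(BASE + "/external/challenge", 302, "https://provider.example/authorize",
           ["example.state=[omitted]; path=/; secure; httponly"]),
    _entry(BASE + "/external/callback", 302, "/connect/authorize?client_id=demo"),
    _entry(BASE + "/connect/authorize?client_id=demo", 302, BASE + "/login"),
]}}

if __name__ == "__main__":
    for row in cookie_trail(SAMPLE_HAR):
        print(row)
```

For a real trace, load the exported file with `json.load` and pass the result to `cookie_trail`.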
Which version of Duende IdentityServer are you using?
Version 7
Which version of .NET are you using?
.NET 8
Describe the bug
I'm trying to implement dynamic providers, but can't make it work. I get redirected to the provider, log in and am redirected back to the callback with the user from the provider. Here I create an IdentityServer user and call HttpContext.SigninAsync. After this, I am redirected to /connect/authorize. At this point I want to be redirected back to the client application with a user, but instead I'm redirected to the IdentityServer login page. From here, I can select the provider and log in in an infinite loop. I tried to follow the implementation in the sample, but when I debug into AuthenticateAsync in DefaultUserSession, the handler returns "No Principal.". The implementation is also similar to a working static provider in the same application. The external provider is Azure Entra in both cases.
Speaking of the sample: I tried running it locally after changing from SQLite to SQL Server, but the login kind of fails there too. If I try to authenticate with the dynamic provider, I get redirected to the callback, but then back to the login site where the dynamic option is gone (?!). Then, if I log in with user name and password, I get sent back to the client, but the idp in the token is the dynamic provider.
Any hints on what I'm doing wrong?
To Reproduce
Log in with a dynamic provider
Expected behavior
Redirect back to the client application with a logged in user
Actual behavior
Redirect to the login page