client inside iframe generating request is too long error

[jdfreemanco]

I have an angular app which renders an asp.net mvc app inside an iframe. The angular app and asp.net mvc app use IdentityServer3 for authentication and both are setup to use hybrid flow (so its single sign on). The IdSrvc config was updated to add CSP frame-src http://*.mydomain.com so IdSrv will work within an iframe. After logging into the angular app, going to the page that renders the asp.net mvc app in the iframe the iframe calls the /authorize endpoint but it does it like 40 times and idsrv nonce cookies accumulate until I get the request is too long error.

Does identityserver3 work inside iframe?

[brockallen]

This is a Microsoft bug/issue with their OIDC middleware. Check with them for a solution.