Suave is a simple web development F# library providing a lightweight web server and a set of combinators to manipulate route flow and task composition.
So I attempting to get IdentityServer3 (2.5.3) Suave (2.0.0-alpha006) running on Mono (4.6.1). I used the implicit flow for it and I was able to get the the login screen. However when I attempted to login, I was sent back to the login page. After some digging I found out the for some reason the Set-Cookie headers weren't being set for the cookies that IdentityServer needs (idsvr.session, idsvr, idsvr.partial, etc). Only the first cookie was being set, SignInMessage. This also seems true for any Owin middleware that sets more than one cookie. I doubled checked on Windows .net 4.6 and the behavior was the same.
type Cookies(next:OwinMiddleware) =
inherit OwinMiddleware(next)
override this.Invoke (context:IOwinContext) : Task =
async {
context.Response.Cookies.Append("FirstCookie","FirstValue")
do! next.Invoke(context) |> Async.AwaitTask
context.Response.Cookies.Append("SecondCookie","SecondValue")
} |> Async.StartAsTask :> Task
let setRandomCookies =
let app = new AppBuilder()
let app = app.Use(typeof<Cookies>, [||])
app.Build()
|> OwinApp.ofAppFunc "/"
TLDR;
Suave needs to handle Set-Cookie differently when coming back from OWIN.
Owin.fs
let handleResponse (rhs : Dictionary<string, string[]>) =
let handleKey key =
if key = "Set-Cookie" then
rhs.[key] |> Seq.map(fun v -> key,v) |> Seq.toList
else
[key, String.concat ", " rhs.[key]]
(Seq.collect handleKey rhs.Keys |> Seq.toList)
let setResponseHeaders (rhs : Dictionary<string, string[]>) =
Lens.set respHeaders_ (handleResponse rhs)
So I attempting to get IdentityServer3 (2.5.3) Suave (2.0.0-alpha006) running on Mono (4.6.1). I used the implicit flow for it and I was able to get the the login screen. However when I attempted to login, I was sent back to the login page. After some digging I found out the for some reason the Set-Cookie headers weren't being set for the cookies that IdentityServer needs (idsvr.session, idsvr, idsvr.partial, etc). Only the first cookie was being set, SignInMessage. This also seems true for any Owin middleware that sets more than one cookie. I doubled checked on Windows .net 4.6 and the behavior was the same.
TLDR; Suave needs to handle Set-Cookie differently when coming back from OWIN.
Owin.fs
I can send a pull request if you'd like.