Server monitor called with an empty session state

[brettwinters]

Hi @ghidello

Just testing your library using different IDP's - but I've run into a problem

I'm using Okta with Code Flow w. PKCE. Both popup and redirect. Server logs say I've signed in ok and (I think) swapped the access token. If I swap the settings for your IdentityServer demo then no errors...

Any Ideas?

Regards

Brett

[ghidello]

Ciao @brettwinters, looking at the error and from what i quickly saw in the okta site, I think that it does not support the OpenID Connect Session Management 1.0 protocol (if that's the case probably the logout functionality will not work eighter) You can try disabling the session manager using this configuration setting:

settings.MonitorSession = false;

Let me know if you'll be able to make it work and maybe you can add a recipe for Okta in this issue (one day it will become part of the documentation, hopefully)

[brettwinters]

Thanks, @ghidello - yup, disabling the Session Management worked! I will add to the recipes...

For the Logout - The user-initiated logout works for Okta, but not when I tested with Auth0 (which also needs Session Management disabled)

Regards

Brett

[ghidello]

I'm glad it worked. I'll have to change the implementation flow for handling the Auth0 logout use case cleanly. Do you think we can close this?

[brettwinters]

ok, that will be great - I'll look forward to the fix. I may ask some follow up questions later about impact of disabling session management after I try a few scenarios...

[ghidello]

Sure, I'll be interested in your suggestions for better handling different scenarios. I'll have some time these days and I started rethinking the whole library. So feel free to add any thoughts to issue #15