IdentityServer gets into infinite loop of authenti

2020-04-09 18:30发布

问题:

I have the following client set up in IdentityServer:

new Client
{
    ClientName = "My web application",
    Enabled = true,
    ClientId = "mywebapp",
    ClientSecrets = new List<ClientSecret>
    {
        new ClientSecret("somesecret")
    },

    Flow = Flows.Hybrid,

    ClientUri = "https://app.mydomain.com",

    RedirectUris = new List<string>
    {
        "oob://localhost/wpfclient",
        "http://localhost:2672/",
        "https://app.mydomain.com"
    }
}

And it is hosted online, let's say https://auth.mydomain.com/core.

Trying to modify the MVC OWIN Client (Hybrid) sample client to log-in to the above identity server, in Startup.cs I modified the ClientId, ClientSecret and RedirectUri to match the client settings in IdSrv. Now when I try to navigate to a page that requires authorization, I am redirected to IdentityServer's URL. When I log-in, the breakpoint hits at AuthorizationCodeReceived notification in the client's Startup.cs and then gets into a loop. The browser's status shows:

Waiting for localhost...
Waitnig for auth.mydomain.com...
Waiting for localhost...
Waitnig for auth.mydomain.com...
...

and so on and never finishes the log-in. Why is this happening? Please help.

Thanks!

回答1:

Most probably this is caused by mixing http and https in redirects. Please use one scheme consistently and check the scheme on browser address-bar.