Identityserver4.admin: Upon login keeps redirecting back to login page.

Can you hit breakpoint here: https://github.com/skoruba/IdentityServer4.Admin/blob/master/src/Skoruba.IdentityServer4.STS.Identity/Quickstart/Account/AccountController.cs#L109

• is result succeeded?

Please, send more details.
Thank you.

Yep, result.Succeeded comes out true. It then proceeds to line 124 to redirect with to the above url which shows the login page once again.

Weird! This time it worked... I've been debugging this since the morning and really weird that it just started working.

Can you please check the log - located in Skoruba.IdentityServer4.STS.Identity\Log\ - any errors?

Sure, skoruba_admin20190220.txt

If you was redirect back to login - for login again or redirect loop?

It was redirecting me back to login page to login again.

BTW: Are you using latest master or dev branch?

This is probably issue with some cookies not being properly cleaned up. If you encounter this issue again please check what cookies you have present before logging in. I've encountered the same issue but unfortunately wasn't able to reproduce it reliably.

BTW: Are you using latest master or dev branch?

Master

Can you reproduce the steps for the issue reliably? That would be very helpful for us to hunt down this issue.

Can you reproduce the steps for the issue reliably? That would be very helpful for us to hunt down this issue.

I can't reproduce it.

Any new info about this topic? I have same problem. Clearing cookies and other actions didn't helps. Errors in log file not found. What information can I give you to advance on this issue?

We noticed that if we tried to run application over https and switch back to http - that was problem with cookie.

@zerobig were you stuck in a redirect loop by chance?

I found the problem and was able to work out a solution for customers. The direction was really related to cookies and this is evidenced by many issues in IdentityServer4 repository. How to solve it automatically I have no idea. But if you clear cookies through the browser snap-in for the site as a whole, the project goes out of an infinite loop account/login.
For Chrome it will be Settings - Advanced - Content Settings - Cookies - select cookies for site, and delete it. Deleting cookies through developer tools and browser extensions did not solve this problem.
I hope my information will improve the product. But for now I have to be. Waiting for release.

I've the same issue when I delete cookies and it works!

@zerobig @skoruba @xmichaelx

I had this issue with both login and logout. When using IdentityServer4 and ASP.NET Identity together.

This happens as you already mentioned when running app over https and switch back to http.
And in some load balancing, SSL termination and other reverse proxy setups.

The actual problem was the cookie authentication scheme.
MVC Core uses it's own default cookie authentication scheme (CookieAuthenticationDefaults.AuthenticationScheme). ASP.NET Identity uses same default MVC authentication scheme.

And IdentityServer uses it's own (IdentityServerConstants.DefaultCookieAuthenticationScheme). Also look at default sign out scheme on IdentityServerConstants ;)

Sometimes these two clash. Why? No idea.

1. MVC sends 302 redirect.
2. You get redirected
3. IdentityServer middleware just passes request (should break with exception though)
   because your application (admin ui) is not "idsvr" cookie authenticated.
4. MVC handles incoming route and shows login page.

Same as when client not authorized.

I'm creating pull request now which fixed this issue for good.

When user logs out, identityserver should cleanup all cookies including it's own "idsvr" cookies.
They are not HTTPS only, and sometimes short circuit happens. By clearing all out on logout you ensure this login redirects will never happen in the future.

I also have the same problem, it does not work in chrome when logging in , but in IE well.

Hi, I have same problem in chrome. In other browser Edge chromium, Firefox run ok.
I think the problem related to cookie, but I've deleted with chrome://settings/clearBrowserData, but It's still not run.

_This is my log when login use Edge chromium browser. Run Ok!_

2020-03-24 10:48:19.762 +07:00 [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

2020-03-24 10:48:22.151 +07:00 [DBG] Start authorize request protocol validation

2020-03-24 10:48:22.174 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.174 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.174 +07:00 [DBG] Checking for PKCE parameters

2020-03-24 10:48:22.174 +07:00 [DBG] No PKCE used.

2020-03-24 10:48:22.175 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.177 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.178 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.179 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.179 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

2020-03-24 10:48:22.221 +07:00 [DBG] Augmenting SignInContext

2020-03-24 10:48:22.221 +07:00 [DBG] Adding idp claim with value: local

2020-03-24 10:48:22.221 +07:00 [DBG] Adding auth_time claim with value: 1585021702

2020-03-24 10:48:22.222 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.

2020-03-24 10:48:22.222 +07:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","DisplayName":"admin","Endpoint":"UI","ClientId":null,"Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"800000c5-0002-ee00-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"UserLoginSuccessEvent"}

2020-03-24 10:48:22.235 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.235 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.241 +07:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize

2020-03-24 10:48:22.242 +07:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint

2020-03-24 10:48:22.242 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback

2020-03-24 10:48:22.242 +07:00 [DBG] Start authorize callback request

2020-03-24 10:48:22.242 +07:00 [DBG] User in authorize request: 185666ac-7dd1-42da-adb7-27146868e276

2020-03-24 10:48:22.242 +07:00 [DBG] Start authorize request protocol validation

2020-03-24 10:48:22.258 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.258 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.258 +07:00 [DBG] Checking for PKCE parameters

2020-03-24 10:48:22.258 +07:00 [DBG] No PKCE used.

2020-03-24 10:48:22.260 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.261 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.263 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.265 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.265 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

2020-03-24 10:48:22.265 +07:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","AllowedRedirectUris":["http://localhost:9000/signin-oidc"],"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"openid profile email roles","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","UiLocales":null,"Nonce":"637206184461647273.MTJjYTgzZTYtNjkxMi00NjViLTlmZGYtNzNhZGU5MWZhYmZiN2M4NmVkNGYtNDRjMi00YWMyLWE3YTctMGIwNTI1ODIyNWFi","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"T9QERnyb8Lgu6leHZK6Ucg","Raw":{"client_id":"MyClientId","redirect_uri":"http://localhost:9000/signin-oidc","response_type":"code id_token","scope":"openid profile email roles","response_mode":"form_post","nonce":"637206184461647273.MTJjYTgzZTYtNjkxMi00NjViLTlmZGYtNzNhZGU5MWZhYmZiN2M4NmVkNGYtNDRjMi00YWMyLWE3YTctMGIwNTI1ODIyNWFi","state":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.5.0.0"},"$type":"AuthorizeRequestValidationLog"}
2020-03-24 10:48:22.268 +07:00 [DBG] jGrSOkbB40Xu+u4xTkFRpf81K+vY/Loyk7REmk3y5mA= found in database: true

2020-03-24 10:48:22.269 +07:00 [DBG] Consent found in consent store is same as current request, consent is not required

2020-03-24 10:48:22.269 +07:00 [DBG] Creating Hybrid Flow response.

2020-03-24 10:48:22.272 +07:00 [DBG] NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= not found in database

2020-03-24 10:48:22.275 +07:00 [DBG] Creating Implicit Flow response.

2020-03-24 10:48:22.275 +07:00 [DBG] Getting claims for identity token for subject: 185666ac-7dd1-42da-adb7-27146868e276 and client: MyClientId

2020-03-24 10:48:22.276 +07:00 [DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.

2020-03-24 10:48:22.278 +07:00 [INF] {"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","Endpoint":"Authorize","SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","Scopes":"openid profile email roles","GrantType":"hybrid","Tokens":[{"TokenType":"id_token","TokenValue":"****lFXA","$type":"Token"},{"TokenType":"code","TokenValue":"****fJb8","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"800000c6-0002-ee00-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"TokenIssuedSuccessEvent"}
2020-03-24 10:48:22.278 +07:00 [DBG] Authorize endpoint response
{"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","ClientId":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHIRam30K7FirAqzs62SWAltrxprJeCGRCC3y1Vsm6LpGFT90RzaY3QFaGAWFHpQPoN42LUsIzB40ShqVJVh3K9IbVa2j_oC7Uj0spsFAHM1Ma4iap4w4EvbpX9jmZ0o82SFUtkF916qe0iS6dabtJX2VmWLUnN1h4jnEz85XKrjmVPx9J_NW10FWPB1YJggJUItqXrnKsSRdmRPHsJGJgTlXlEOrrW0j7It54MlgOKn-jcvj9SIGU6NtCCO0PM0to0Kpg4cyu_BvoXvTbUKP1pu","Scope":"openid profile email roles","Error":null,"ErrorDescription":null,"$type":"AuthorizeResponseLog"}

2020-03-24 10:48:22.279 +07:00 [DBG] Augmenting SignInContext

2020-03-24 10:48:22.279 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.

2020-03-24 10:48:22.380 +07:00 [DBG] Request path /connect/token matched to endpoint type Token

2020-03-24 10:48:22.391 +07:00 [DBG] Endpoint enabled: Token, successfully created handler: IdentityServer4.Endpoints.TokenEndpoint

2020-03-24 10:48:22.391 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.TokenEndpoint for /connect/token

2020-03-24 10:48:22.393 +07:00 [DBG] Start token request.

2020-03-24 10:48:22.393 +07:00 [DBG] Start client validation

2020-03-24 10:48:22.393 +07:00 [DBG] Start parsing Basic Authentication secret

2020-03-24 10:48:22.393 +07:00 [DBG] Start parsing for secret in post body

2020-03-24 10:48:22.393 +07:00 [DBG] Parser found secret: PostBodySecretParser

2020-03-24 10:48:22.393 +07:00 [DBG] Secret id found: MyClientId

2020-03-24 10:48:22.403 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.404 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.404 +07:00 [DBG] Secret validator success: HashedSharedSecretValidator

2020-03-24 10:48:22.404 +07:00 [DBG] Client validation success

2020-03-24 10:48:22.404 +07:00 [INF] {"ClientId":"MyClientId","AuthenticationMethod":"SharedSecret","Category":"Authentication","Name":"Client Authentication Success","EventType":"Success","Id":1010,"Message":null,"ActivityId":"80000042-0002-e100-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"ClientAuthenticationSuccessEvent"}

2020-03-24 10:48:22.404 +07:00 [DBG] Start token request validation

2020-03-24 10:48:22.404 +07:00 [DBG] Start validation of authorization code token request

2020-03-24 10:48:22.405 +07:00 [DBG] NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= found in database: true

2020-03-24 10:48:22.407 +07:00 [DBG] removing NZF1gbUKgId5FanAwhsOHbuDPvpEe1jy1FUgL2Rm/yM= persisted grant from database

2020-03-24 10:48:22.411 +07:00 [DBG] Validation of authorization code token request success

2020-03-24 10:48:22.411 +07:00 [INF] Token request validation success, {"ClientId":"MyClientId","ClientName":"MyClientId","GrantType":"authorization_code","Scopes":null,"AuthorizationCode":"8azvEk7Eh1UxI68qcgLzSFGlE-bP7yyO4zIU9XAfJb8","RefreshToken":null,"UserName":null,"AuthenticationContextReferenceClasses":null,"Tenant":null,"IdP":null,"Raw":{"client_id":"MyClientId","client_secret":"***REDACTED***","code":"8azvEk7Eh1UxI68qcgLzSFGlE-bP7yyO4zIU9XAfJb8","grant_type":"authorization_code","redirect_uri":"http://localhost:9000/signin-oidc"},"$type":"TokenRequestValidationLog"}

2020-03-24 10:48:22.422 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.422 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.424 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.426 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.426 +07:00 [DBG] Getting claims for access token for client: MyClientId

2020-03-24 10:48:22.426 +07:00 [DBG] Getting claims for access token for subject: 185666ac-7dd1-42da-adb7-27146868e276

2020-03-24 10:48:22.444 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.444 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.446 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.447 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:48:22.447 +07:00 [DBG] Getting claims for identity token for subject: 185666ac-7dd1-42da-adb7-27146868e276 and client: MyClientId

2020-03-24 10:48:22.447 +07:00 [DBG] In addition to an id_token, an access_token was requested. No claims other than sub are included in the id_token. To obtain more user claims, either use the user info endpoint or set AlwaysIncludeUserClaimsInIdToken on the client configuration.

2020-03-24 10:48:22.449 +07:00 [INF] {"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":null,"Endpoint":"Token","SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","Scopes":"openid profile email roles","GrantType":"authorization_code","Tokens":[{"TokenType":"id_token","TokenValue":"****KA5g","$type":"Token"},{"TokenType":"access_token","TokenValue":"****8KZQ","$type":"Token"}],"Category":"Token","Name":"Token Issued Success","EventType":"Success","Id":2000,"Message":null,"ActivityId":"80000042-0002-e100-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:48:22.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"TokenIssuedSuccessEvent"}

2020-03-24 10:48:22.449 +07:00 [DBG] Token request success.

2020-03-24 10:48:22.459 +07:00 [DBG] Request path /connect/userinfo matched to endpoint type Userinfo

2020-03-24 10:48:22.461 +07:00 [DBG] Endpoint enabled: Userinfo, successfully created handler: IdentityServer4.Endpoints.UserInfoEndpoint

2020-03-24 10:48:22.461 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.UserInfoEndpoint for /connect/userinfo

2020-03-24 10:48:22.461 +07:00 [DBG] Start userinfo request

2020-03-24 10:48:22.461 +07:00 [DBG] Bearer token found in header

2020-03-24 10:48:22.473 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.474 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.482 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:48:22.482 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:48:22.484 +07:00 [DBG] Calling into custom token validator: IdentityServer4.Validation.DefaultCustomTokenValidator

2020-03-24 10:48:22.484 +07:00 [DBG] Token validation success
{"ClientId":null,"ClientName":null,"ValidateLifetime":true,"AccessTokenType":"Jwt","ExpectedScope":"openid","TokenHandle":null,"JwtId":null,"Claims":{"nbf":1585021702,"exp":1585025302,"iss":"http://192.168.19.146:5000","client_id":"MyClientId","sub":"185666ac-7dd1-42da-adb7-27146868e276","auth_time":1585021702,"idp":"local","scope":["roles","openid","profile","email"],"amr":"pwd"},"$type":"TokenValidationLog"}

2020-03-24 10:48:22.485 +07:00 [DBG] Creating userinfo response

2020-03-24 10:48:22.485 +07:00 [DBG] Scopes in access token: roles openid profile email

2020-03-24 10:48:22.485 +07:00 [DBG] Scopes in access token: roles openid profile email

2020-03-24 10:48:22.487 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.487 +07:00 [DBG] Requested claim types: role sub updated_at locale zoneinfo birthdate gender website picture preferred_username nickname middle_name given_name family_name name profile email email_verified

2020-03-24 10:48:22.487 +07:00 [DBG] Scopes in access token: roles openid profile email

2020-03-24 10:48:22.489 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:48:22.494 +07:00 [INF] Profile service returned the following claim types: sub name nickname role preferred_username email email_verified

2020-03-24 10:48:22.494 +07:00 [DBG] End userinfo request

_This is my log when login use Chrome browser. Not Run Ok!_

2020-03-24 10:49:06.461 +07:00 [DBG] CORS request made for path: /Account/Login from origin: null but was ignored because path was not for an allowed IdentityServer CORS endpoint

2020-03-24 10:49:08.602 +07:00 [DBG] Start authorize request protocol validation

2020-03-24 10:49:08.646 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:49:08.646 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:49:08.646 +07:00 [DBG] Checking for PKCE parameters

2020-03-24 10:49:08.646 +07:00 [DBG] No PKCE used.

2020-03-24 10:49:08.647 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:08.649 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:08.651 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:08.652 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:08.652 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

2020-03-24 10:49:08.672 +07:00 [DBG] Augmenting SignInContext

2020-03-24 10:49:08.672 +07:00 [DBG] Adding idp claim with value: local

2020-03-24 10:49:08.672 +07:00 [DBG] Adding auth_time claim with value: 1585021748

2020-03-24 10:49:08.673 +07:00 [INF] AuthenticationScheme: Identity.Application signed in.

2020-03-24 10:49:08.673 +07:00 [INF] {"Username":"admin","Provider":null,"ProviderUserId":null,"SubjectId":"185666ac-7dd1-42da-adb7-27146868e276","DisplayName":"admin","Endpoint":"UI","ClientId":null,"Category":"Authentication","Name":"User Login Success","EventType":"Success","Id":1000,"Message":null,"ActivityId":"8000001a-0000-d400-b63f-84710c7967bb","TimeStamp":"2020-03-24T03:49:08.0000000Z","ProcessId":9668,"LocalIpAddress":"192.168.19.146:5000","RemoteIpAddress":"192.168.19.146","$type":"UserLoginSuccessEvent"}

2020-03-24 10:49:08.682 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:49:08.682 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:49:08.687 +07:00 [DBG] Request path /connect/authorize/callback matched to endpoint type Authorize

2020-03-24 10:49:08.688 +07:00 [DBG] Endpoint enabled: Authorize, successfully created handler: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint

2020-03-24 10:49:08.688 +07:00 [INF] Invoking IdentityServer endpoint: IdentityServer4.Endpoints.AuthorizeCallbackEndpoint for /connect/authorize/callback

2020-03-24 10:49:08.688 +07:00 [DBG] Start authorize callback request

2020-03-24 10:49:08.688 +07:00 [DBG] No user present in authorize request

2020-03-24 10:49:08.688 +07:00 [DBG] Start authorize request protocol validation

2020-03-24 10:49:08.699 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:49:08.699 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:49:08.699 +07:00 [DBG] Checking for PKCE parameters

2020-03-24 10:49:08.699 +07:00 [DBG] No PKCE used.

2020-03-24 10:49:08.701 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:08.704 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:08.707 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:08.709 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:08.709 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

2020-03-24 10:49:08.709 +07:00 [DBG] ValidatedAuthorizeRequest
{"ClientId":"MyClientId","ClientName":"MyClientId","RedirectUri":"http://localhost:9000/signin-oidc","AllowedRedirectUris":["http://localhost:9000/signin-oidc"],"SubjectId":"anonymous","ResponseType":"code id_token","ResponseMode":"form_post","GrantType":"hybrid","RequestedScopes":"openid profile email roles","State":"CfDJ8L-aL-rVv9BEivLiZ72cvHLr8BPnZdisEPI6Hh7gpkp_ruR9jIZwH4v1-q9bxEW81AoWa_ICazmk2zBLbZE-s-86YVCH6DU_Px9YzvM3K384VnKt6FhlsHTtOYG2mNMrGUrmHsLGr7wsANJ0XqXYePb8CsCbLS4NBXwyYSAM26hxAGoOO2yBk0ilncqDBwjwpZ3NR99L-0EURpXZpXEPR5PvaZ2h7e-GlDVQypk4V5UoyGqi48o3-xp6HPUeppIJuHtQCjHD1wW5FajAgytakD1XBhiY9f8SXOSg3s0zBz7t","UiLocales":null,"Nonce":"637206181012200489.ODZmYjU3MzMtY2U4Mi00ZDM1LWE3MWQtZTE4ZWNmNmMxZGY0ODQ5YzExYzctOWZjOS00YzAyLTg5YWEtYjk1MDA3ZTkzNzY3","AuthenticationContextReferenceClasses":null,"DisplayMode":null,"PromptMode":null,"MaxAge":null,"LoginHint":null,"SessionId":"","Raw":{"client_id":"MyClientId","redirect_uri":"http://localhost:9000/signin-oidc","response_type":"code id_token","scope":"openid profile email roles","response_mode":"form_post","nonce":"637206181012200489.ODZmYjU3MzMtY2U4Mi00ZDM1LWE3MWQtZTE4ZWNmNmMxZGY0ODQ5YzExYzctOWZjOS00YzAyLTg5YWEtYjk1MDA3ZTkzNzY3","state":"CfDJ8L-aL-rVv9BEivLiZ72cvHLr8BPnZdisEPI6Hh7gpkp_ruR9jIZwH4v1-q9bxEW81AoWa_ICazmk2zBLbZE-s-86YVCH6DU_Px9YzvM3K384VnKt6FhlsHTtOYG2mNMrGUrmHsLGr7wsANJ0XqXYePb8CsCbLS4NBXwyYSAM26hxAGoOO2yBk0ilncqDBwjwpZ3NR99L-0EURpXZpXEPR5PvaZ2h7e-GlDVQypk4V5UoyGqi48o3-xp6HPUeppIJuHtQCjHD1wW5FajAgytakD1XBhiY9f8SXOSg3s0zBz7t","x-client-SKU":"ID_NETSTANDARD2_0","x-client-ver":"5.5.0.0"},"$type":"AuthorizeRequestValidationLog"}

2020-03-24 10:49:08.709 +07:00 [INF] Showing login: User is not authenticated

2020-03-24 10:49:09.445 +07:00 [DBG] Start authorize request protocol validation

2020-03-24 10:49:09.479 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:49:09.479 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

2020-03-24 10:49:09.479 +07:00 [DBG] Checking for PKCE parameters

2020-03-24 10:49:09.479 +07:00 [DBG] No PKCE used.

2020-03-24 10:49:09.481 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:09.483 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:09.484 +07:00 [DBG] Found ["roles","openid","profile","email"] identity scopes in database

2020-03-24 10:49:09.488 +07:00 [DBG] Found [] API scopes in database

2020-03-24 10:49:09.489 +07:00 [DBG] Calling into custom validator: IdentityServer4.Validation.DefaultCustomAuthorizeRequestValidator

2020-03-24 10:49:09.501 +07:00 [DBG] MyClientId found in database: true

2020-03-24 10:49:09.501 +07:00 [DBG] client configuration validation for client MyClientId succeeded.

It worked on my machine by setting app.UseCookiePolicy(new CookiePolicyOptions { MinimumSameSitePolicy = SameSiteMode.Lax });

Identity server is keep showing “Showing login: User is not authenticated” in /connect/authorize/callback

I also have the same problem. if using https everything is fine. but using http login will redirecting back to login page!

For sure, https is required. 😊