5

I have the following client set up in IdentityServer:

new Client
{
    ClientName = "My web application",
    Enabled = true,
    ClientId = "mywebapp",
    ClientSecrets = new List<ClientSecret>
    {
        new ClientSecret("somesecret")
    },

    Flow = Flows.Hybrid,

    ClientUri = "https://app.mydomain.com",

    RedirectUris = new List<string>
    {
        "oob://localhost/wpfclient",
        "http://localhost:2672/",
        "https://app.mydomain.com"
    }
}

And it is hosted online, let's say https://auth.mydomain.com/core.

Trying to modify the MVC OWIN Client (Hybrid) sample client to log-in to the above identity server, in Startup.cs I modified the ClientId, ClientSecret and RedirectUri to match the client settings in IdSrv. Now when I try to navigate to a page that requires authorization, I am redirected to IdentityServer's URL. When I log-in, the breakpoint hits at AuthorizationCodeReceived notification in the client's Startup.cs and then gets into a loop. The browser's status shows:

Waiting for localhost...
Waitnig for auth.mydomain.com...
Waiting for localhost...
Waitnig for auth.mydomain.com...
...

and so on and never finishes the log-in. Why is this happening? Please help.

Thanks!

orad
  • 15,272
  • 23
  • 77
  • 113

1 Answers1

11

Most probably this is caused by mixing http and https in redirects. Please use one scheme consistently and check the scheme on browser address-bar.

rawel
  • 2,923
  • 21
  • 33
  • 1
    wooh, yes that was it! :) – orad Apr 22 '15 at 17:08
  • After a long time with this issue this solved it. Since I'm using Azure I found there was a little add in I could download to force https everytime – Nick.Mc Nov 01 '17 at 05:49
  • Came across this post and your answer many times in the course of the last day or two trying to figure the redirect loop out. "Can't possibly be that in *my* case" I scoffed. It was. – immutabl Aug 26 '22 at 13:46