I have an Angular 14 application with an OIDC client that connects to Duende IdentityServer v6 using the OIDC client. In local development, the client application is running on HTTP and Duende IdentityServer is running on HTTPS. During the sign-in process it redirects to IdentityServer, and after successful authentication it redirects back to the client application.
Now the browser keeps reloading infinitely. The reason I found is HTTP. If I change to HTTPS, it works fine.
I have set up CORS as well:

    app.UseCors("CorsPolicy");

And in the client config:

    new Client
    {
        ClientId = "Fete_Bird_UI",
        ClientName = "FeteBirdUI",
        AllowedCorsOrigins = CorsUris(configuration),
        // ......
    }

In the database, I can see
You must use HTTPS when you use IdentityServer, and this is mainly due to the SameSite cookie handling in today's browsers.
To complement this answer, I wrote a blog post that goes into more detail about this topic: Debugging cookie problems in ASP.NET Core
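
As an added illustration of the SameSite handling the answer refers to (not code from the original post or from Duende), the sketch below models two browser rules for `Set-Cookie` headers: `SameSite=None` is only accepted together with `Secure`, and a `Secure` cookie is not stored when it arrives over plain HTTP. The cookie names and header values are constructed samples, `checkCookie` and `rejectedCookies` are hypothetical helper names, and the model ignores any localhost exception a particular browser may apply.

```typescript
// Added example: which Set-Cookie headers a browser would refuse to store.
type Verdict = { name: string; stored: boolean; reason: string };
type Parsed = { name: string; attrs: { [key: string]: string } };

// Split one Set-Cookie header value into the cookie name and lower-cased attributes.
function parseSetCookie(header: string): Parsed {
  const parts = header.split(";");
  const first = parts.shift() || "";
  const nameEnd = first.indexOf("=");
  const name = (nameEnd < 0 ? first : first.slice(0, nameEnd)).trim();
  const attrs: { [key: string]: string } = {};
  parts.forEach((part) => {
    const eq = part.indexOf("=");
    const key = (eq < 0 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (key) attrs[key] = eq < 0 ? "" : part.slice(eq + 1).trim().toLowerCase();
  });
  return { name, attrs };
}

// scheme is "http" or "https": the scheme of the response that carried the header.
function checkCookie(header: string, scheme: string): Verdict {
  const c = parseSetCookie(header);
  const secure = "secure" in c.attrs;
  const sameSite = c.attrs["samesite"] || "unset";
  if (sameSite === "none" && !secure) {
    return { name: c.name, stored: false, reason: "SameSite=None requires Secure" };
  }
  if (secure && scheme !== "https") {
    return { name: c.name, stored: false, reason: "Secure cookie set over plain HTTP" };
  }
  return { name: c.name, stored: true, reason: "accepted (SameSite=" + sameSite + ")" };
}

// Names of the cookies in one response that would be dropped.
function rejectedCookies(headers: string[], scheme: string): string[] {
  return headers.map((h) => checkCookie(h, scheme)).filter((v) => !v.stored).map((v) => v.name);
}

// Constructed sample headers (not captured from a real IdentityServer instance).
const sampleHeaders = [
  "demo_session=abc; Path=/; Secure; HttpOnly; SameSite=None",
  "demo_correlation=xyz; Path=/; HttpOnly; SameSite=None",
  "demo_pref=1; Path=/; SameSite=Lax",
];
console.log("over http :", rejectedCookies(sampleHeaders, "http"));
console.log("over https:", rejectedCookies(sampleHeaders, "https"));
```

Comparing the two outputs against the `Set-Cookie` headers visible in the browser's network tab shows which cookies only survive when the site is served over HTTPS.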