I’ve been bashing this for hours with no good direction from the forum or other sources on the internet.
I’m trying to integrate Auth0 into an existing MVC application while I’m also working on a future SPA+Web Api solution to ultimately replace it.
I have followed the documentation at Auth0 ASP.NET (OWIN) SDK Quickstarts: Login, followed by Auth0 ASP.NET (OWIN) SDK Quickstarts: Login.
I have my OWIN security configuration as follows. It uses a custom cookie provider where I do some claims augmentation.
```csharp
app.UseCookieAuthentication(
    new CookieAuthenticationOptions
    {
        Provider = cookieProvider,
        AuthenticationType = CookieAuthenticationDefaults.AuthenticationType,
        LoginPath = new PathString("/Authentication/SignIn")
    });
app.UseExternalSignInCookie(DefaultAuthenticationTypes.ExternalCookie);

// Configure Auth0 authentication
var options = new Auth0AuthenticationOptions
{
    Domain = Settings.Domain,
    ClientId = Settings.ClientId,
    ClientSecret = Settings.ClientSecret
};
app.UseAuth0Authentication(options);
```
The authentication/signin view contains the following:
```html
@{
    ViewBag.Title = "Sign In";
}
<div id="root" style="width: 320px; margin: 40px auto;">
</div>
<script>
    var lock = new Auth0Lock('@Settings.ClientId', '@Settings.Domain',
        {
            container: 'root',
            auth: {
                redirectUrl: window.location.origin + '/signin-auth0',
                responseType: 'code',
                params: {
                    scope: 'openid email profile'
                }
            },
            theme: {
                authButtons: {
                    "AzureADv2": {
                        displayName: "Microsoft"
                    }
                }
            }
        });
    lock.show();
</script>
```
Once authenticated, the browser redirects to /signin-auth0, which returns a 302 without a location header. This leaves the browser with a blank page.
Chrome provides the following for the /signin-auth0 request:
![alt text][1]
Where is this going wrong? I’m expecting that the user should be authenticated and redirected to the original page they were requesting.