Ready to post? First, try searching for your answer.
As part of a flow with custom postLogin action which performs account liking. i am sending the user back to my app, which sends with back to auth0 login page with connection={social_login_connection_name}. Instead of acting as expected (continuing as if the user clicked the social login button, which would have logged him in directly), the http response is 302 which sends the browser to a auth0 authorize page, which then redirects again to a login page WITHOUT the connection paramater.
If the user indeed presses the relevant social login button he is indeed logged in.
What is the issue with using login?connection=xxx?
When doing this (redirecting to /authorize, and not back to my app to start challange to /login), i am indeed continuing to the stage when the users is prompted to allow access, but when in lands back in my asp.net core app, i get the OpenIdConnect failure: OpenIdConnectAuthenticationHandler: message.State is null or empty.
Perhaps this is because pointing to /authorize is part of the SPA flow, and not the regular web app flow?
In any case, that doesnt work
I have also tried using redir to /authorize with response_type=code, in which case i do get (after consent) a redir with a code and a state, but am getting error on my app’s side: Unable to unprotect the message.State.
If you want to use the Post-Login trigger to redirect the user to login again it might put them into an infinite loop since it will get triggered again. I would advise you to redirect them from within your application instead of the action and maybe doing the account linking from there too.