Server Side Blazor App and Never Ending Reloads Post Authentication

Ready to post? :mag: First, try searching for your answer.
I have a Blazor (server side) application and all “seems” OK with Auth0’s AspNet Core SDK. There seems to be something wrong with my callback, but I can’t figure out (or find a solution anywhere) for what is happening, which is this:

  1. I load my homepage: Packed House Pictures
  2. I click “submit a screenplay”
  3. I click either “create an account” or “sign in”
  4. I correctly get the Auth0 sign in page
  5. I do either (i’ve tried both) and go to completion
  6. Auth0 tries to redirect me, but it just reloads an Auth0 page over and over and over (it doesn’t stop). The url is: {my_auth0_domain}/authorize?client_id=XYZ…

If I click the back button, I get the standard Auth0 error page with the following message:

invalid_request : You may have pressed the back button, refreshed during login, opened too many login dialogs, or there is some issue with cookies, since we couldn’t find your session. Try logging in again from the application and if the problem persists please contact the administrator.

If I click back once again, i get my original page with the user authenticated.

Most “solutions” online indicate that my callback is incorrect, either on the application side or the Auth0 dashboard configuration side. I have checked them both and for the Auth0 Application configuration, the callback URLs are set to {my_domain}/callback (I have 4 entries for live and localhost development). In my application, I have added the following to my Program.cs file:

// Add Auth0 Authentication…
builder.Services.AddAuth0WebAppAuthentication(o =>
{
o.ClientId = SettingsUtil.Settings.Auth0AppClientId;
o.Domain = SettingsUtil.Settings.Auth0Domain;
o.Scope = “openid profile email”;
o.CallbackPath = new PathString(“/callback”);
});

The reloading issue is present regardless of whether or not the “o.CallbackPath” is present or not in the above class file.

This is not the first Blazor application that I have integrated with Auth0, and the other one works perfectly. I’ve double checked that the setting on my other application are the same (adjusted for the different domains, of course), and that the Blazor code is the same (it is).

Any thoughts on what I’m doing wrong? Appreciate any help here…

BTW, if you do try to test the application, note the Google signup/signin does not work - I haven’t configured it yet.

I’ve uploaded a screenshot of the Auth0 logs and it appears Auth0 just keeps trying to log me in over and over again. The Dashboard logs are filled with repeat login attempts from my various testing.

After considerable work, I was able to determine what the issue was. Turns out, it was something incredibly mundane (and non-intuitive).

In the application, when using the SDK, there is a “SignIn.cshtml” file (or “Login.cshtml” file - the file name didn’t matter).

For this file, the corresponding C# looks something like this:

public class SignInModel : PageModel
{
    public async Task OnGet(string redirectUri)
    {
        var authenticationProperties = new LoginAuthenticationPropertiesBuilder()
            .WithRedirectUri(redirectUri)
            .Build();

        await HttpContext.ChallengeAsync(Auth0Constants.AuthenticationScheme, authenticationProperties);
    }
}

Early on, I changed the name of the string parameter for the OnGet method to: “redirectUrl” (instead of Uri).

After hours of trying to figure out why the user flow was broken, I finally changed it back to the original variable name.

That fixed it.

I’m not sure why, but that variable name matters for some reason.