Tags: c#, oauth-2.0, dotnetopenauth

Session change in between Request and Process user authorization


I am trying to implement a simple login page that redirects a user to an OAuth2.0 login server, and then back to a callback URL after they have successfully logged in.

However I keep on getting an exception with the error message:

Unexpected OAuth authorization response received with callback and client state that does not match an expected value.

From debugging I noticed that the session id from before calling "RequestUserAuthorization()" and after are different.

I read from some SO answers that I need to somehow prevent session changing, but not sure how to achieve that in this scenario.

Any help would be appreciated, thanks!

My distilled implementation is as follows:

using System;
using System.Web.Mvc;
using DotNetOpenAuth.OAuth2;

// Enclosing controller is assumed; only the action was posted.
public class AccountController : Controller
{
    // WebServerClientCustomImpl and CreateAuthCookie() are the asker's own helpers (not shown).
    private readonly WebServerClientCustomImpl _oauthClient = new WebServerClientCustomImpl();

    // Callback URL registered with the authorization server (the asker's value is not shown).
    private readonly Uri _redirectUrl = new Uri("https://PLACEHOLDER.example/Account/Login");

    public ActionResult Login()
    {
        // Returns null unless this request is the callback carrying an authorization response.
        IAuthorizationState auth = _oauthClient.ProcessUserAuthorization();

        if (auth == null)
        {
            // Not a callback yet: redirect the browser to the OAuth 2.0 login server.
            _oauthClient.RequestUserAuthorization(returnTo: _redirectUrl);
        }
        else
        {
            // Save authentication information into cookie.
            HttpContext.Response.Cookies.Add(auth.CreateAuthCookie());

            return RedirectToAction("Index", "Home");
        }

        ViewBag.Message = "Future login page...";
        return View();
    }
}

Solution

  • If you have a problem with the SessionId changing, in most cases it means that there is nothing in the Session object for this user. Just add anything to the session and the SessionId should stay the same for the user:

    Session["UserIsHere"] = true;
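The answer's fix applied to the question's Login action, as an added example that is not code from the original post or answer: the session is pinned before the OAuth round trip starts, so the SessionID present when RequestUserAuthorization runs is the same one ProcessUserAuthorization sees on the callback. The controller name, the placeholder callback URI and the WebServerClientCustomImpl / CreateAuthCookie() helpers are assumptions.

```csharp
using System;
using System.Web.Mvc;
using DotNetOpenAuth.OAuth2;

// Assumptions (not from the original post): the controller name, the placeholder
// callback URI, and WebServerClientCustomImpl / CreateAuthCookie() being the
// asker's own helpers.
public class AccountController : Controller
{
    private readonly WebServerClientCustomImpl _oauthClient = new WebServerClientCustomImpl();

    // Callback URL registered with the authorization server (placeholder value).
    private static readonly Uri _redirectUrl = new Uri("https://PLACEHOLDER.example/Account/Login");

    public ActionResult Login()
    {
        // 1. Pin the ASP.NET session before the round trip. ASP.NET only sends the
        //    session cookie once Session holds a value; until then every request
        //    gets a fresh SessionID, so the client state recorded during
        //    RequestUserAuthorization is not found when the callback arrives.
        Session["UserIsHere"] = true;

        // 2. On the callback request, validate the authorization response. The
        //    library compares the returned state and callback with what it issued;
        //    the mismatch exception from the question is that check on the redirect
        //    firing (it is the CSRF protection for the callback), so fix the
        //    session rather than relaxing the comparison.
        IAuthorizationState auth = _oauthClient.ProcessUserAuthorization();
        if (auth != null)
        {
            Response.Cookies.Add(auth.CreateAuthCookie());
            return RedirectToAction("Index", "Home");
        }

        // 3. No authorization response yet: start the round trip. The session now
        //    has content, so its ID is the one the callback will arrive with.
        _oauthClient.RequestUserAuthorization(returnTo: _redirectUrl);

        // RequestUserAuthorization writes the 302 redirect to the response itself;
        // the view below is only a fallback.
        ViewBag.Message = "Redirecting to the login server...";
        return View();
    }
}
```

An equivalent project-wide fix is to store a value in Session_Start in Global.asax, so every new session is persisted before any controller action runs.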