Identity server 4 external login not working in Firefox but working in Chrome
I have implemented an authentication server with IdentityServer4 in ASP.NET Core 3.1. Here I have used Azure AD and Google as external login providers. These external login providers work fine in the Chrome browser but do not work in Firefox.
Authentication code:
services.AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddMicrosoftAccount(option =>
    {
        option.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        option.ClientId = "Client id";
        option.ClientSecret = "Client secret";
        option.AuthorizationEndpoint = "AuthorizationEndpoint";
        option.TokenEndpoint = "TokenEndpoint";
        option.SaveTokens = true;
        option.StateDataFormat = new DistributedCacheStateDataFormatter(contextAccessor, "Microsoft");
    })
    .AddGoogle(option =>
    {
        option.SignInScheme = IdentityServerConstants.ExternalCookieAuthenticationScheme;
        option.ClientId = "Client id";
        option.ClientSecret = "Client secret";
        option.SaveTokens = true;
    })
    .AddCookie(options =>
    {
        options.SlidingExpiration = true;
        options.ExpireTimeSpan = new TimeSpan(7, 0, 0, 0);
        options.Cookie.SameSite = SameSiteMode.Lax;
        options.Cookie.HttpOnly = true;
    });
When using the Chrome browser, external login works fine and authenticates properly. When using the Firefox browser, I get the exception below from Azure AD:
System.Exception: An error was encountered while handling the remote login.
---> System.Exception: OAuth token endpoint failure: Status: BadRequest;Headers: Cache-Control: no-cache, no-store
Pragma: no-cache
Strict-Transport-Security: max-age=31536000; includeSubDomains
X-Content-Type-Options: nosniff
x-ms-request-id: 33040f25-8122-455c-b96a-f2cfd23acb00
x-ms-ests-server: 2.1.9926.12 - EST ProdSlices
P3P: CP="DSP CUR OTPi IND OTRi ONL FIN"
Set-Cookie: fpc=Atvp3Rwgaz5EtF1RBA6_Ip4XiiowBQAAAA7uwdUOAAAARMZjlAIAAAAO78HVDgAAAA; expires=Thu, 27-Feb-2020 08:59:59 GMT; path=/; secure; HttpOnly; SameSite=None, x-ms-gateway-slice=prod; path=/; SameSite=None; secure; HttpOnly, stsservicecookie=ests; path=/; secure; HttpOnly; SameSite=None
Date: Tue, 28 Jan 2020 08:59:59 GMT
- Body: {"error":"invalid_grant","error_description":"AADSTS54005: OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.\r\nTrace ID: 33040f25-8122-455c-b96a-f2cfd23acb00\r\nCorrelation ID: afb9b3fc-fb80-4796-b1e4-af31ec0261b1\r\nTimestamp: 2020-01-28 08:59:59Z","error_codes":[54005],"timestamp":"2020-01-28 08:59:59Z","trace_id":"33040f25-8122-455c-b96a-f2cfd23acb00","correlation_id":"afb9b3fc-fb80-4796-b1e4-af31ec0261b1"};
Network log:
Attached as image.
Note: Authentication works fine on localhost for both Firefox and Chrome. Only after publishing does Firefox stop working.
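
AADSTS54005 means the token endpoint was asked to redeem the same authorization code a second time. One way to check whether the published site's callback is itself being requested twice with that code (added example, not part of the original post; the class name is hypothetical and the callback paths are assumed to be the handlers' defaults):

```csharp
using System;
using System.Collections.Concurrent;
using System.Security.Cryptography;
using System.Text;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;

// Added diagnostic example (hypothetical class name): warns when the same
// authorization code reaches an external-login callback more than once.
public class DuplicateCodeCallbackLogger
{
    // Assumption: default CallbackPath values of AddMicrosoftAccount and AddGoogle.
    private static readonly string[] CallbackPaths = { "/signin-microsoft", "/signin-google" };
    // Fingerprint -> first arrival. In-memory and unbounded: temporary diagnostics
    // only, and it sees a single instance, not a whole load-balanced farm.
    private static readonly ConcurrentDictionary<string, DateTimeOffset> Seen =
        new ConcurrentDictionary<string, DateTimeOffset>();

    private readonly RequestDelegate _next;
    private readonly ILogger<DuplicateCodeCallbackLogger> _logger;
    public DuplicateCodeCallbackLogger(RequestDelegate next, ILogger<DuplicateCodeCallbackLogger> logger)
        => (_next, _logger) = (next, logger);

    public async Task InvokeAsync(HttpContext context)
    {
        string code = context.Request.Query["code"];
        if (!string.IsNullOrEmpty(code) && IsCallback(context.Request.Path))
        {
            string fp = Fingerprint(code); // log a fingerprint, never the code itself
            DateTimeOffset now = DateTimeOffset.UtcNow;
            if (!Seen.TryAdd(fp, now))
                _logger.LogWarning("Callback {Path}: code {Fp} seen again {Ms} ms after first arrival; User-Agent: {UA}",
                    context.Request.Path, fp, (now - Seen[fp]).TotalMilliseconds,
                    context.Request.Headers["User-Agent"].ToString());
        }
        await _next(context); // always pass the request on unchanged
    }

    private static bool IsCallback(PathString path) =>
        Array.Exists(CallbackPaths, p => path.StartsWithSegments(p, StringComparison.OrdinalIgnoreCase));

    private static string Fingerprint(string code)
    {
        using var sha = SHA256.Create();
        return BitConverter.ToString(sha.ComputeHash(Encoding.UTF8.GetBytes(code)), 0, 6);
    }
}
```

Register it with `app.UseMiddleware<DuplicateCodeCallbackLogger>()` ahead of the authentication middleware. A warning means the callback URL was requested more than once with the same code, which can then be matched against the browser's network log.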