I'm trying to integrate ServiceStack.Authentication.IdentityServer plugin with an Identity Server 4. I posted this question to StackOverflow and @mythz recommended that I should file it here.

When calling the protected ServiceStack endpoint from browser, the browser redirects to the authorize endpoint as below

https://localhost:5001/connect/authorize?client_id=simplehr&scope=openid%20offline_access&redirect_uri=https://localhost:5004/auth/IdentityServer&response_type=code%20id_token&state=8749c226e65646079c53ba403b51ef3e&nonce=291873debfd14de8b360c11cffbba3db&response_mode=form_post

In this case, https://localhost:5001 is my Identity Server 4, and https://localhost:5004 is my ServiceStack server.

After this step, the browser sends a POST request to ServiceStack's IdentityServer auth provider endpoint as expected. However, this endpoint returns a 302 back to the Identity Server's authorize endpoint. The response looks like

Location: https://localhost:5001/connect/authorize?client_id=simplehr&scope=openid offline_access&redirect_uri=https://localhost:5004/auth/IdentityServer&response_type=code id_token&state=8749c226e65646079c53ba403b51ef3e&nonce=f13048835b6e47f09a8c86882d2db320&response_mode=form_post

Therefore, my browser falls into an infinite loop.

Could anybody shed some light on how I can get over this? Thanks.

I was solving for an infinite loop, too. Might be related to this issue: #23

I have the same problem. Have you solved it?
@giangnn