Incorrect handler delegation in OpenIdConnectAuthenticationHandler.InvokeReplyPathAsync

[kevinchalet]

Looks like your new monster has been released too quickly in the wild 😄 😆

An invalid scheme is used in OpenIdConnectAuthenticationHandler.InvokeReplyPathAsync and makes the OIDC client middleware totally buggy because it cannot delegate the principal persistence to the cookie middleware. You should use Option.SignInScheme instead.

https://github.com/aspnet/Security/blob/dev/src/Microsoft.AspNet.Authentication.OpenIdConnect/OpenidConnectAuthenticationHandler.cs#L569

(you should also fix the file name)

[HaoK]

Thanks fix is pushed, I'll fix the file name in a different commit 0577454

[kevinchalet]

Sadly, your fix is incomplete: it doesn't support setting the SignInScheme property via ExternalAuthenticationOptions.SignInScheme.

See https://github.com/aspnet/Security/pull/168/files#diff-960390b7edd1b3a479fbd7fcfd07fbe8R48

[HaoK]

Yeah I know, I'm just trying to get MusicStore unblocked for now, the test coverage for OpenidConnect is...fairly lacking right now obviously, once all the existing tests are fixed, I'll look into adding some more coverage so we can catch this sort of failure before checkin...

[kevinchalet]

You should maybe re-open this ticket to make sure this new issue is correctly tracked.

[HaoK]

Merged 4a2a742