public async Task <IActionResult> Callback(CancellationToken cancellationToken) { // read external identity from the temporary cookie AuthenticateResult result = await HttpContext.AuthenticateAsync( IdentityServerConstants.ExternalCookieAuthenticationScheme); if (result?.Succeeded != true) { throw new Exception("External authentication error"); } AuthenticateExternalUserRequest?authRequest = CreateAuthRequest(result); AuthenticateUserResult authResult = await _userAccountService.AuthenticateExternalUserAsync( authRequest, cancellationToken); if (authResult.Success) { var additionalLocalClaims = new List <Claim>(); var localSignInProps = new AuthenticationProperties(); ProcessLoginCallback(result, additionalLocalClaims, localSignInProps); // issue authentication cookie for user var isuser = new IdentityServerUser(authResult.User !.Id.ToString("N")) { DisplayName = authResult.User.Name, IdentityProvider = authRequest.Provider, AdditionalClaims = additionalLocalClaims }; await HttpContext.SignInAsync(isuser, localSignInProps); // delete temporary cookie used during external authentication await HttpContext.SignOutAsync(IdentityServerConstants.ExternalCookieAuthenticationScheme); // retrieve return URL var returnUrl = result.Properties.Items["returnUrl"] ?? "~/"; // check if external login is in the context of an OIDC request AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(returnUrl); await _events.RaiseAsync(new UserLoginSuccessEvent( authRequest.Provider, authRequest.UserIdentifier, authResult.User.Id.ToString("N"), authResult.User.Name, true, context?.Client.ClientId)); if (context != null) { if (context.IsNativeClient()) { // The client is native, so this change in how to // return the response is for better UX for the end user. return(this.LoadingPage("Redirect", returnUrl)); } } return(Redirect(returnUrl)); } else { var returnUrl = result.Properties.Items["returnUrl"] ?? "~/"; // check if external login is in the context of an OIDC request AuthorizationRequest context = await _interaction.GetAuthorizationContextAsync(returnUrl); var vm = new UserNotFoundViewModel { Provider = authRequest.Provider, BackUrl = context?.RedirectUri ?? "/" }; return(View("UserNotFound", vm)); } }