I have something that seems to work.
In my researches I stumbbled apon this post suggesting to use a middleware instead of the Authorize attribute.
Now, the method used in that post authService does not seem to work in my case (no clue why, I’ll continue the investigation and post whaterver I find later on).
So I decided to go with a simpler solution. Here is my config
app.Use(async (context, next) =>
{
if (!context.User.Identity.IsAuthenticated)
{
await context.ChallengeAsync("oidc");
}
else
{
await next();
}
});
In this case, oidc kicks in BEFORE the Spa app and the flow is working properly. No need for a Controller at all.
HTH