ASP.NET Core SSO with Okta - Odd Behavior

I created a support ticket with Okta but I thought I would ask the community for some advice as well. I have taken 2 Okta sample applications and done some testing around SSO because I was having trouble implementing SSO in my own application. Let’s say we have 2 .net core simple apps, both using the Okta hosted login page.

  1. Launch both apps. Open up app #1.
  2. Click login, get sent to Okta login page
  3. Login, get sent back to app
  4. Go to the other app, click login
  5. Get sent to Okta login page. Okta sees you are already authenticated and then sends you back to app #2.
  6. Once back at app #2, this fails:

HttpContext.User.Identity.IsAuthenticated)

So, a challenge is issued, which sends you back to the Okta login page… which thinks you are logged in and sends you back… thus starting a never-ending loop.

I found this very odd so I started doing some digging and decided to start over again but instead use 2 projects that both used the Okta.Aspnetcore package (before one was using that and one was using the OpenIdConnect library built into .net). Now I don’t have the problem from before, but instead what happens is anytime you login to one app, it logs you out of the other app - which is so strange.

So ultimately I have 2 questions:

  1. Has anyone seen this behavior before and, if so, were you able to fix it?
  2. How would one go about building SSO if I wanted to do a self-hosted login?