Exception: Correlation failed. Unknown location with Okta In C#

0

So I am building a ASP.NET Core 2.2 application and I am trying to implement Okta verify into this system. I have seen that this issue of the “Exception: Correlation failed” has been discussed on many threads across many message boards, I have tried those solution and I fear no of them have worked.

I am at a loss and need to have a new angle of looking at it.

So when I initially implemented this into the code, I did it as said in the documentation of Okta it self. By now I added stuff that was part of other solutions so it grew a bit.

Startup.cs

public void ConfigureServices(IServiceCollection services)
{

    // Some people had issues with this one being in here,
    // but for me it "works" with and without
    services.Configure<CookiePolicyOptions>(options =>
    {
        // This lambda determines whether user consent for non-essential cookies is needed for a given request.
        options.CheckConsentNeeded = context => true;
        options.MinimumSameSitePolicy = SameSiteMode.None;
    });

    // here are some services.AddTransient and cors policies



    services.Configure<OpenIdConnectOptions>(options =>
    {
        options.Events.OnRemoteFailure = RemoteAuthFail;
    });



    // Basicly here is where I added the boilerplate code made by okta.
    // As I was looking into threads trying to solve the issue it grew into this
    ////////////////////////////////////
    services.AddAuthentication(options =>
    {
        options.DefaultScheme = "somename";
        options.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        options.DefaultChallengeScheme = OktaDefaults.MvcAuthenticationScheme;
    })
    .AddCookie(cookieAuthOptions =>
    {
        cookieAuthOptions.Cookie.Name = "chocolatechip";
        cookieAuthOptions.AccessDeniedPath = "/error/accessdenied";
        cookieAuthOptions.ExpireTimeSpan = new TimeSpan(0,2,0);
    })
    .AddOpenIdConnect("OpenIdConnect", option =>
    {
        option.Events = new OpenIdConnectEvents
        {
            OnRedirectToIdentityProvider = redirectContext =>
            {
                if (Env.IsEnvironment("Debug"))
                {
                    //Force scheme of redirect URI(THE IMPORTANT PART)
                    redirectContext.ProtocolMessage.RedirectUri = redirectContext.ProtocolMessage.RedirectUri.Replace("https://", "http://", StringComparison.OrdinalIgnoreCase);
                }
                return Task.FromResult(0);
            }
        };
        option.ClientId = "SomeClientId";
        option.ClientSecret = "SomeClientSecret";
        option.CallbackPath = "TheCallbackPath";
        option.Authority = "This is suppose to be some URI";
    })
    .AddOktaWebApi(new OktaWebApiOptions()
    {
        AuthorizationServerId = "anotherId",
        OktaDomain = "TheDevDomain"
    });
    ////////////////////////////////////


    services.AddMvc().SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
    services.AddMvc(options => options.OutputFormatters.Add(new HtmlOutputFormatter()));
}


public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory loggerFactory)
{
    loggerFactory.AddLog4Net("log4net.config", false);
    app.UseHttpStatusCodeExceptions();

    if (env.IsDevelopment())
    {
        app.UseDeveloperExceptionPage();
    }
    else
    {

        app.UseHsts();
    }

    app.UseCors(CRSpecificOrigins);
    app.UseHttpsRedirection();
    app.UseStaticFiles();
    app.UseCookiePolicy();
    app.UseAuthentication();

    app.UseMvc();
}

I managed to solve this by making sure that the Authentication service is setup as very first.

It is mentioned in the docs of the SDK (Screenshot below).
In my opinion it is not emphasized enough.
Just on line of comment that is grey fades into the background.