Too Many Redirects

I’m following an Authentication Quick Start ( and when I run the code I am correctly redirect to the Okta login page. After successfully authenticating it attempts to redirect to my callback url and at that point the browser (multiple browsers) report that the site is not working due to excessive redirects. Below is the exact message from Chrome…

This page isn’t working redirected you too many times.
Try clearing your cookies.

I should mention that this is running in Google App Engine but I don’t know if that is causing this or not. Has anyone run into this issue before? Thanks is advanced.

1 Like

Hmm, I’m having a hard time seeing how this could occur. Is your callback URL the same as your login URL? I could see something occurring where you could get in a loop because you keep setting the Location Header and redirecting.

Does this happen locally? Trying to figure out if this is something with GAE or not before digging in deeper.


Thanks for the reply. I actually figured this out late last night. The problem was specific to GAE and caused by a typo in one of my URL handlers in my app’s yaml file.

Glad you figured it out :slight_smile:

If you are working with… I had a similar problem. Upon attempting to login, I would get stuck in the loop of: okta -> web page -> okta -> web page -> okta, until I got the equivalent of “too many redirects”. One thing I noticed is that it always worked the “first time” which I discovered meant the first time since IIS had been started. Then each subsequent attempt would send me into this loop. This got me on the track of session/cookie and that something is being retained (ps my logout never quite works to clear all cookies, but that’s a whole other discussion). At any case, I was using the old ASP session variable to stuff a string into which was just a one way display string and not needed. (PS I’m not a web dev so I realize session is possibly frowned on :)) At any case, once I removed any use of the Session variables, it was happy and started working again.

So one take away is: Just don’t use Session. It does play well with … well I’m not sure. OWIN? OKTA?

And this leads me to my other take away: When something is not happy (such as if I misconfigured a variable such as my okta clientID, secret, etc) my app responds by going into a tailspin again. I wish I could get to the bottom of why that is. But in the meantime just knowing that may help you out.

@ebol2000 I’d be curious to see how your OWIN Startup class is configured. The infinite redirect loop can happen when authentication succeeds, but isn’t persisted properly (sounds like you debugged this already). You should be able to use Session stuff along with OWIN fine, though.