
Login loop after upgrading to 9.2.3 #9684


pablo@ccalp.net created

I'm getting a login redirect loop after upgrading the front-end to 9.2.3. The backend is 9.2.3; when rolling back to 8.3.0, it works fine.


12 Answer(s)
  • AI-Bot created
    Support Team ABP Agent
    • After upgrading both the front-end and back-end to ABP 9.2.3, a login redirect loop typically indicates a misconfiguration or incompatibility in authentication, especially in tiered or separated Auth Server setups.

    To resolve this issue, follow these steps:

    1. Check Migration Guide
      Review and apply all steps in the official ABP 9.2 migration guide, as there are breaking changes that may affect authentication and token handling:

    2. Certificate Synchronization
      If you are using OpenIddict, ensure that the openiddict.pfx certificate and its passphrase are identical and present in both the AuthServer and the API Host. A mismatch or missing certificate can cause token validation failures, resulting in redirect loops.

    3. Check for SecurityTokenSignatureKeyNotFoundException
      In similar cases, a SecurityTokenSignatureKeyNotFoundException (IDX10503) due to a kid mismatch between AuthServer and backend was the root cause. Regenerate and synchronize the certificate if needed.

    4. Update All Packages
      Make sure all ABP NuGet and NPM packages are updated to 9.2.3 in both backend and frontend projects. Mixed versions can cause authentication issues.

    5. Clear Browser Cache and Cookies
      After upgrade, old cookies or tokens may cause issues. Clear them before testing.

    6. Check Application Configuration
      • Ensure the Authority, ClientId, and Scopes in your Angular environment and backend match the AuthServer configuration.
      • Verify that the allowed scopes and grant types are correctly set for your client in the OpenIddict data seed.

    7. Review Deployment Environment
      If running behind IIS or a reverse proxy, ensure forwarded headers are configured correctly. See:

    8. Check for Errors in Browser Console and Network Tab
      Look for failed requests or error messages during the login process, especially to /connect/authorize, /connect/token, or /api/abp/application-configuration.

    If you have recently cloned or deployed the project, ensure the openiddict.pfx file is not missing (it is git-ignored by default and must be copied manually).

    If the above steps do not resolve the issue, consult the following resolved support ticket for a similar scenario:


    This response was generated by AI. If it didn’t solve your problem, feel free to post a new answer — our support team will jump in to help you soon.

  • pablo@ccalp.net created

    I've looked at all that the AI is suggesting already. I still need help with this issue ASAP.

  • maliming created
    Support Team Fullstack Developer

    hi

    What is your UI type?

    Can you share a GIF to show the problem?

    Can you share the logs.txt file?

    https://abp.io/support/questions/8622/How-to-enable-Debug-logs-for-troubleshoot-problems

    liming.ma@volosoft.com

    Thanks

  • pablo@ccalp.net created

    Sorry for the late response,

    This is an Angular UI.

    I think that the issue is that I had a guard in the default (empty) route, which was working fine in 8.3, but now it is causing login loops. I assume it is a timing issue.

    I implemented a solution to perform auto login and I think it's more robust now.

    In any case, it would be good if you can confirm that adding the "authGuard" to the Home route will cause that behaviour, and why it was working before without any issues.

    {
      path: '',
      pathMatch: 'full',
      title: 'Home',
      loadChildren: () => import('./home/home.module').then(m => m.HomeModule),
      canActivate: [authGuard], // <--- This is removed now
    },

  • maliming created
    Support Team Fullstack Developer

    hi

    See https://github.com/abpframework/abp/issues/23286#issuecomment-3117644521

    Thanks.

  • pablo@ccalp.net created

    Yeah, I saw that already, got the guard code from the branch and tested it, didn't work.

  • maliming created
    Support Team Fullstack Developer

    hi

    I will ask our angular team.

    Thanks.

  • fahrigedik created
    Support Team Angular Expert

    [pablo@ccalp.net] said: Yeah, I saw that already, got the guard code from the branch and tested it, didn't work.

    Hi Pablo,

    Thanks for the details you've shared so far.

    Could you please share the example where you tested the asyncAuthGuard?
    This guard was specifically designed to help prevent the login redirect loop issue, especially after upgrading to v9.2.x.

    We’d like to review your usage and see if anything might be missing or misaligned with the intended pattern.

    A minimal example (GitHub repo or zip) would be very helpful.

    Thanks,
    Angular Team @ Volosoft

  • pablo@ccalp.net created

    With the current workload and complexity of the application, I don't think a sample is feasible. I will try to provide a video of the issue. I cannot replicate it locally; it only happens when it is deployed to our Azure environment and we access the application using a subdomain for the tenant. If we log in as the host and impersonate, we don't see the issue.

  • maliming created
    Support Team Fullstack Developer

    hi

    [pablo@ccalp.net] said: it only happens when it is deployed to our Azure environment and we access the application using a subdomain for the tenant.

    Can you share a website URL, so that we can reproduce it online?

    Thanks.

  • mharnos created

    Hi,

    we had a similar issue, where if the returnUrl points to a guarded route (the default points to / / rootUrl and is not configurable) then the authGuard code would run in parallel to the angular-oauth2-oidc authentication code resulting in a loop if the authGuard was faster than the authentication code: https://github.com/manfredsteyer/angular-oauth2-oidc/issues/861

    Our solution was to create an additional route in angular oauth/code that has no authGuard and just displays a placeholder with the empty layout (no menus) eLayoutType.empty, and the angular-oauth2-oidc code handles the redirect to the redirectUrl (not returnUrl) when it is finished with authentication. The redirectUrl can be authGuarded as you would expect.

    We had to update the oAuthConfig in our environment.ts files (redirectUri: baseUrl + '/oauth/code') and extend the OpenIddictDataSeedContributor where the redirectUri in CreateApplicationAsync is always set to be the rootUrl, i.e. redirectUris: new List<string> { consoleAndAngularClientRootUrl } needs to be changed to include /oauth/code as well.

    That resolved our issue, but it would've made it significantly easier to configure, if the "OpenIddict:Applications" config would include the RedirectUris and PostLogoutRedirectUris options instead of assuming they're RootUrl or point to an ABP configured, non-AuthGuard-ed route per default.

    Hope this helps, Marc
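
The answer above depends on three settings agreeing: the SPA's redirectUri, an unguarded route at that path, and the redirect URIs registered for the client. The following check is an added example, not part of the original post and not ABP or angular-oauth2-oidc code; the types, function names and URLs are hypothetical, and exact string matching of redirect URIs is an assumption.

```typescript
// Hypothetical stand-ins for the three places that must agree.
interface RouteDef { path: string; guarded: boolean; } // top-level route; guarded = canActivate has authGuard
interface SpaAuthSetup {
  redirectUri: string;              // oAuthConfig.redirectUri in environment.ts
  routes: RouteDef[];               // top-level Angular routes
  registeredRedirectUris: string[]; // redirect URIs seeded for the client
}

// Reduce a redirect URI to the form used in a route table: no host, query or outer slashes.
function routePath(uri: string): string {
  return uri
    .replace(/^[a-z][a-z0-9+.-]*:\/\/[^/?#]+/i, '') // drop scheme and host
    .replace(/[?#].*$/, '')                          // drop query and fragment
    .replace(/^\/+|\/+$/g, '');                      // drop leading/trailing slashes
}

// Returns findings; an empty list means the callback cannot race an auth guard.
function checkRedirectSetup(cfg: SpaAuthSetup): string[] {
  const findings: string[] = [];
  const path = routePath(cfg.redirectUri);
  const route = cfg.routes.filter(r => r.path === path)[0];
  if (!route) {
    findings.push('no route for callback path "/' + path + '"');
  } else if (route.guarded) {
    // The guard may run before the authorization code is exchanged and restart the login.
    findings.push('callback route "/' + path + '" is guarded');
  }
  // Assumption: the server compares redirect URIs as exact strings.
  if (cfg.registeredRedirectUris.indexOf(cfg.redirectUri) === -1) {
    findings.push('redirectUri ' + cfg.redirectUri + ' is not registered for the client');
  }
  return findings;
}

// Constructed sample values (tenant subdomain on a reserved test domain).
const base = 'https://tenant1.example.test';
const guardedRoot: SpaAuthSetup = {           // callback lands on the guarded root route
  redirectUri: base,
  routes: [{ path: '', guarded: true }],
  registeredRedirectUris: [base],
};
const dedicatedCallback: SpaAuthSetup = {     // unguarded /oauth/code callback route
  redirectUri: base + '/oauth/code',
  routes: [{ path: '', guarded: true }, { path: 'oauth/code', guarded: false }],
  registeredRedirectUris: [base, base + '/oauth/code'],
};
const seedNotUpdated: SpaAuthSetup = {        // Angular side changed, client seed not extended
  redirectUri: dedicatedCallback.redirectUri,
  routes: dedicatedCallback.routes,
  registeredRedirectUris: [base],
};
```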

  • maliming created
    Support Team Fullstack Developer

    Thanks mharnos 👍

Made with ❤️ on ABP v10.0.0-preview. Updated on September 01, 2025, 08:37