Whenever the access token is refreshed, I get the exception "Headers are read-only, response has already started". This is my configuration:
// Authentication setup: the cookie scheme authenticates requests and persists the
// session; unauthenticated users are challenged through the "Auth0" OpenID Connect scheme.
services
    .AddAuthentication(auth =>
    {
        auth.DefaultAuthenticateScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        auth.DefaultSignInScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        auth.DefaultChallengeScheme = "Auth0";
    })
    .AddCookie(cookie =>
    {
        // NOTE(review): per the stack trace below, token management stores refreshed
        // tokens by signing in to this cookie scheme again, so this cookie carries the
        // access and refresh tokens. Keep it HttpOnly and Secure (confirm in the elided options).
        // ...
    })
    .AddOpenIdConnect("Auth0", oidc =>
    {
        // NOTE(review): the elided options presumably save the tokens into the session
        // and request a refresh token; confirm, since the refresh path depends on both.
        // ...
    });

// Registers the user access-token management service. On refresh it calls SignInAsync
// on the cookie scheme (see the stack trace below), which appends a Set-Cookie header
// and therefore fails once the response has already started.
services.AddAccessTokenManagement();

// Named HttpClient whose handler attaches the current user's access token to each
// outgoing request, refreshing it first when needed.
services.AddUserAccessTokenClient("MyApiClient", client =>
{
    // The user's bearer token is sent to this address, so "MyApi:Url" should point
    // at a trusted HTTPS endpoint. A missing setting makes new Uri(...) throw.
    var baseUrl = Configuration.GetValue<string>("MyApi:Url");
    client.BaseAddress = new Uri(baseUrl);
});
Error: System.InvalidOperationException: Headers are read-only, response has already started.
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.ThrowHeadersReadOnlyException()
at Microsoft.AspNetCore.Server.Kestrel.Core.Internal.Http.HttpHeaders.Microsoft.AspNetCore.Http.IHeaderDictionary.set_Item(String key, StringValues value)
at Microsoft.AspNetCore.Http.ResponseCookies.Append(String key, String value, CookieOptions options)
at Microsoft.AspNetCore.Authentication.Cookies.ChunkingCookieManager.AppendResponseCookie(HttpContext context, String key, String value, CookieOptions options)
at Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler.HandleSignInAsync(ClaimsPrincipal user, AuthenticationProperties properties)
at Microsoft.AspNetCore.Authentication.AuthenticationService.SignInAsync(HttpContext context, String scheme, ClaimsPrincipal principal, AuthenticationProperties properties)
at IdentityModel.AspNetCore.AccessTokenManagement.AuthenticationSessionUserTokenStore.StoreTokenAsync(ClaimsPrincipal user, String accessToken, Int32 expiresIn, String refreshToken)
at IdentityModel.AspNetCore.AccessTokenManagement.AccessTokenManagementService.RefreshUserAccessTokenAsync()
at IdentityModel.AspNetCore.AccessTokenManagement.AccessTokenManagementService.<GetUserAccessTokenAsync>b__12_1()
at IdentityModel.AspNetCore.AccessTokenManagement.AccessTokenManagementService.GetUserAccessTokenAsync(Boolean forceRenewal)
at Microsoft.AspNetCore.Authentication.TokenManagementHttpContextExtensions.GetUserAccessTokenAsync(HttpContext context, Boolean forceRenewal)
at IdentityModel.AspNetCore.AccessTokenManagement.UserAccessTokenHandler.SetTokenAsync(HttpRequestMessage request, Boolean forceRenewal)
at IdentityModel.AspNetCore.AccessTokenManagement.UserAccessTokenHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at Microsoft.Extensions.Http.Logging.LoggingScopeHttpMessageHandler.SendAsync(HttpRequestMessage request, CancellationToken cancellationToken)
at System.Net.Http.HttpClient.FinishSendAsyncBuffered(Task`1 sendTask, HttpRequestMessage request, CancellationTokenSource cts, Boolean disposeCts)