diff --git a/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs b/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
index f87016edb..efed78c95 100644
--- a/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
+++ b/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
@@ -181,6 +181,14 @@ protected internal virtual async Task ProcessLoginAsync(Val
 return new InteractionResponse { IsLogin = true };
 }
+ if (request.MaxAge == 0)
+ {
+ Logger.LogInformation("Showing login: request contains max_age=0.");
+ // Remove the max_age=0 parameter to prevent (infinite) loop
+ request.RemoveMaxAge();
+ return new InteractionResponse { IsLogin = true };
+ }
+ // unauthenticated user
 var isAuthenticated = request.Subject.IsAuthenticated();
@@ -244,12 +252,6 @@ protected internal virtual async Task ProcessLoginAsync(Val
 var authTime = request.Subject.GetAuthenticationTime();
 if (Clock.UtcNow.UtcDateTime > authTime.AddSeconds(request.MaxAge.Value))
 {
- // Remove the max_age=0 parameter to prevent (infinite) loop
- if (request.MaxAge.Value == 0)
- {
- request.RemoveMaxAge();
- }
- Logger.LogInformation("Showing login: Requested MaxAge exceeded.");
 return new InteractionResponse { IsLogin = true };
diff --git a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
index cc654fbe9..0b7a8f93a 100644
--- a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
+++ b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
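Review bot: The new `request.MaxAge == 0` branch calls `request.RemoveMaxAge()` before returning `IsLogin = true`, so once the request comes back from the login page nothing visible in this hunk still compares the session's `auth_time` with the requested age. `RemoveMaxAge` is not shown here, so this is inferred from its name and the loop comment: if it strips the parameter from the request that is replayed after login, a return with the pre-existing session would be accepted without a freshness check, and only the client's own `auth_time` validation enforces re-authentication. I would say so in the comment, e.g. `// max_age is dropped to avoid a redirect loop; from here on freshness is enforced only by the client validating auth_time`, and have the integration test assert that the `auth_time` issued after the round trip is newer than the original login. `ProcessLoginAsync` starts and ends outside the hunk.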
@@ -1261,7 +1261,7 @@ public async Task prompt_login_should_show_login_page_and_preserve_prompt_values
 [Fact]
 [Trait("Category", Category)]
- public async Task max_age_0_should_show_login_page_and_preserve_max_age()
+ public async Task max_age_0_should_show_login_page()
 {
 await _mockPipeline.LoginAsync("bob");