Issues with OpenIdConnect and MS Identity

Violetta Bulatevich 0 Reputation points
2025-10-15T13:08:00.75+00:00

Hello! We are encountering an issue while using Microsoft Identity. Our setup looks like this:

    services.AddAuthentication()
        .AddMicrosoftIdentityWebApp(configuration.GetSection(AzureAppOptions.ConfigName))
        .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
        .AddMicrosoftGraph(configuration.GetSection("DownstreamApi"))
        .AddInMemoryTokenCaches();

The problem: some users randomly receive a 502 error with the message “An error was encountered while handling the remote login” from the endpoint https://{our_url_name}/signin-oidc.

It happens in deployed environments but works fine locally and on mobile. Some users can fix it by using incognito mode or clearing browser cache, but for others the issue persists.

We don’t use Nginx or any custom reverse proxy.


1 answer

  1. Jack Dang (WICLOUD CORPORATION) 2,400 Reputation points Microsoft External Staff
    2025-10-16T04:02:51.9466667+00:00

    Hi @Violetta Bulatevich ,

    From your description, it looks like the issue is happening at the /signin-oidc endpoint during OpenID Connect sign-in in certain environments. A few things to note:

    Possible causes

    1. Cookie or session issues
      • Since incognito or clearing cache helps some users, this often points to cookie corruption or size issues.
      • Microsoft Identity sets a correlation cookie during login. If the cookie is too large or blocked, you may see random 502s.
    2. Load balancer or gateway behavior
      • Even if you don’t use Nginx, some cloud providers inject proxies/load balancers that might interfere with headers or cookies.
      • 502 from signin-oidc often indicates the request can’t be processed upstream.
    3. Token cache or session size
      • Using InMemoryTokenCaches() can cause issues in a multi-instance deployment. Tokens may not be shared between instances, leading to failed logins for some users.
      • If your deployment is scaled out, consider distributed token caching (e.g., Microsoft.Identity.Web.TokenCacheDistributed).

    Recommended actions

    1. Enable logging for Microsoft Identity

        services.AddLogging(builder =>
        {
            builder.AddDebug();
            builder.AddConsole();
            builder.SetMinimumLevel(LogLevel.Debug);
        });

    Check logs around Correlation failed or RemoteFailure.

    2. Check cookie size limits
      • Avoid storing too much info in cookies (claims, tokens).
      • In ASP.NET Core, you can increase cookie size limits if needed.
    3. Consider distributed cache for token storage if deployed in multiple instances (Redis, SQL, etc.).
    4. Test removing browser extensions or corporate policies that may block cookies, since it’s user-specific.
    5. Collect detailed error info: Users can capture network traces (F12 > Network tab) and look at the /signin-oidc request to see if cookies or headers are being dropped.

    This usually resolves random 502s for OpenID Connect in deployed apps.

    Hope this helps! If my answer was helpful - kindly follow the instructions here so others with the same problem can benefit as well.
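The following Program.cs is an added example illustrating the recommendations in the answer above (distributed token cache, proxy-aware headers, correlation-cookie settings, and logging around RemoteFailure). It is not the original poster's code and not a Microsoft sample. It assumes the NuGet packages Microsoft.Identity.Web, Microsoft.Identity.Web.MicrosoftGraph, Microsoft.Identity.Web.TokenCache and Microsoft.Extensions.Caching.StackExchangeRedis; the "AzureAd" and "DownstreamApi" configuration sections, the "Redis:ConnectionString" key, the User.Read scope, the proxy address, the application name and the key-ring path are placeholders to be replaced with your own values. The shared Data Protection key ring is included because cookies written by one instance (the correlation cookie included) can only be read by another instance that holds the same keys.

```csharp
// Program.cs (added example; placeholders marked inline)
using System.Net;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.DataProtection;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.Identity.Web;

var builder = WebApplication.CreateBuilder(args);
var initialScopes = new[] { "User.Read" }; // assumed scope for the Graph call

builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme)
    .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd"))
    .EnableTokenAcquisitionToCallDownstreamApi(initialScopes)
    .AddMicrosoftGraph(builder.Configuration.GetSection("DownstreamApi"))
    // Shared token cache instead of AddInMemoryTokenCaches(): every instance
    // behind the load balancer sees the same cached tokens.
    .AddDistributedTokenCaches();

builder.Services.AddStackExchangeRedisCache(o =>
{
    o.Configuration = builder.Configuration["Redis:ConnectionString"]; // placeholder key
    o.InstanceName = "tokencache:";
});

// Cookies are protected with Data Protection keys. Scaled-out instances must share one
// key ring, or a correlation cookie issued by instance A is unreadable on instance B,
// which surfaces as "Correlation failed" on /signin-oidc.
builder.Services.AddDataProtection()
    .SetApplicationName("my-web-app")                                // placeholder name
    .PersistKeysToFileSystem(new DirectoryInfo("/shared/dp-keys"));  // placeholder path

// Platform-injected proxies: honour X-Forwarded-* only from known proxy addresses so the
// redirect_uri is built from the public https host rather than the internal http one.
builder.Services.Configure<ForwardedHeadersOptions>(o =>
{
    o.ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
    o.KnownProxies.Add(IPAddress.Parse("10.0.0.4")); // placeholder: your platform's proxy
});

// Turn the opaque remote-login failure into a logged, handled response.
builder.Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options =>
{
    // The post-back from the identity provider is a cross-site POST, so the correlation
    // cookie must be SameSite=None and Secure or the browser will not send it.
    options.CorrelationCookie.SameSite = SameSiteMode.None;
    options.CorrelationCookie.SecurePolicy = CookieSecurePolicy.Always;

    var inner = options.Events.OnRemoteFailure; // keep any handler already registered
    options.Events.OnRemoteFailure = async ctx =>
    {
        await inner(ctx);
        var log = ctx.HttpContext.RequestServices
            .GetRequiredService<ILoggerFactory>().CreateLogger("OidcRemoteFailure");
        // Log the detail server-side; show the user a generic page, never the exception text.
        log.LogWarning(ctx.Failure, "Remote login failed. Correlation cookie present: {HasCookie}",
            ctx.Request.Cookies.Keys.Any(k => k.StartsWith(".AspNetCore.Correlation")));
        ctx.Response.Redirect("/login-failed");
        ctx.HandleResponse();
    };
});

// Verbose authentication logs make "Correlation failed" / RemoteFailure entries visible.
builder.Logging.AddFilter("Microsoft.AspNetCore.Authentication", LogLevel.Debug);

var app = builder.Build();
app.UseForwardedHeaders(); // must run before authentication
app.UseAuthentication();
app.UseAuthorization();
app.MapGet("/login-failed", () => Results.Text("Sign-in could not be completed. Please retry."));
app.MapGet("/", (HttpContext ctx) => $"Hello {ctx.User.Identity?.Name}").RequireAuthorization();
app.Run();
```

When a user reports the error, the OidcRemoteFailure log entry records whether the correlation cookie reached the server, which separates the "cookie blocked or dropped" cause from the "cookie present but unreadable on this instance" cause before any cache or proxy changes are made.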
