Okta Classic Engine | Single Sign-On | Answered | 2020-01-08T19:51:26.000Z | 2019-12-14T13:19:17.000Z | 2020-01-08T19:51:26.000Z

ArjunK.41326 (Customer) asked a question.

OpenID Connect central login system with Okta and SSO

I have a couple of OIDC applications with Okta as the IdP. They all have custom logins which authenticate against Okta's Authentication API. Microsoft.AspNetCore.Authentication.OpenIdConnect is used as middleware for the authentication workflow. The code for authentication is as follows:

    // Primary authentication against Okta's Authentication API
    response = await _oktaAuthenticationService.Login(model.Username, model.Password);
    var sessionToken = response.sessionToken;

    // Pass the session token to the "Okta" scheme through the challenge properties
    var properties = new AuthenticationProperties();
    properties.Items.Add("sessionToken", sessionToken);
    properties.RedirectUri = "/login/RedirectToEntryPoint";
    return Challenge(properties, "Okta");


Using the middleware, I don't have to call the authorization and token endpoints manually. Now I want to implement a central login system (an OIDC application) instead of having a login in each application. Each application would redirect to the central login system, and after authentication it should redirect back to the original application.

 

I tried redirecting to the application from the central login application after calling the authentication endpoints, as follows:

    return Redirect("https://myoktatenant.okta.com/oauth2/default/v1/authorize?client_id=fd99ooi888suu&response_type=code token id_token&scope=openid profile&redirect_uri=http://callingapplication.local.com/authorization/callback&response_mode=form_post&state=none&nonce=none");

 

**/authorization/callback** is the callback path specified in the OpenID Connect settings.

 

While doing so, I received the following error:

 

  Unable to unprotect the message.State error

 

Not sure if this is the correct way of building such a system!

 

 


This question is closed.
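
Why the callback is rejected, as an added example that is not part of the original post: when the ASP.NET Core OpenID Connect handler issues a challenge it encrypts its AuthenticationProperties into the `state` parameter, and it fails the callback with "Unable to unprotect the message.State" when the returned `state` cannot be decrypted with its own StateDataFormat. The purpose string and the ephemeral key providers below are stand-ins constructed for the demo, which needs a project that references the Microsoft.AspNetCore.App shared framework.

```csharp
// Added example, not code from the original post.
using System;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.DataProtection;

public static class StateRoundTripDemo
{
    public static void Main()
    {
        // Stand-in for the data protection keys of the calling application.
        // The purpose string is constructed for this demo.
        IDataProtector protector = new EphemeralDataProtectionProvider()
            .CreateProtector("demo-oidc-state");
        var stateFormat = new PropertiesDataFormat(protector);

        // On Challenge(properties, "Okta") the handler protects the properties
        // and sends the resulting string as the `state` query parameter.
        var properties = new AuthenticationProperties
        {
            RedirectUri = "/login/RedirectToEntryPoint"
        };
        string state = stateFormat.Protect(properties);
        Console.WriteLine($"issued state: {state.Substring(0, 16)}...");

        // Callback carrying the state this application issued: properties come back.
        var restored = stateFormat.Unprotect(state);
        Console.WriteLine($"own state  -> RedirectUri = {restored?.RedirectUri}");

        // Callback carrying state=none, as in the hand-built authorize URL:
        // Unprotect returns null and the handler fails the callback.
        var literal = stateFormat.Unprotect("none");
        Console.WriteLine($"state=none -> {(literal == null ? "rejected" : "accepted")}");

        // State protected with another application's keys is rejected the same way,
        // so a central login application cannot mint state for the calling application.
        var otherFormat = new PropertiesDataFormat(
            new EphemeralDataProtectionProvider().CreateProtector("demo-oidc-state"));
        var crossApp = stateFormat.Unprotect(otherFormat.Protect(properties));
        Console.WriteLine($"other app  -> {(crossApp == null ? "rejected" : "accepted")}");
    }
}
```

The `state` value therefore has to originate from a challenge issued by the same application that receives the callback at its callback path.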