It’s a real simple one but honestly a real time saver:
Turn on logging
IdentityServer3 is a great piece of software with excellent documentation but the identity space is inherently complex and gets quite fiddly quite quickly. Fortunately if you turn on the logging the output is rich and incredibly useful.
I was working on standing up another STS this morning based on it and was just cracking through it thinking “yeah I know this” and hadn’t bothered to turn on logging. Pride, of course, always comes before a fall and so of course I hit a weird and inscrutable problem: the STS let me log in with Google but then never redirected back to my application. Spent a little while thrashing around then remembered my own number one tip, turned on logging, and there in the trace window was the source of my problem (in my case I hadn’t run the new client properly through my custom user service and wasn’t marking users as active in a particular work flow).
Turning it on is really simple. All you need to do is add a NuGet package for one of the supported loggers and configure it. In my case I use Serilog and the code for configuring it is as on the IdentityServer3 website:
Log.Logger = new LoggerConfiguration() .MinimumLevel.Debug() .WriteTo.Trace() .CreateLogger();