How do we stop our blazor to send oauth 302 redirect for xhr calls, which will never be processed at browser.
Problem is that before sending 302 redirect it created nonce and correlation cookies, which gets sent to browser and they keep accumulating.
Now even a page refresh might fail because of large number of cookies being sent, like NGINX and similar others have some kind of limit.
builder.Services.AddAuthentication(OpenIdConnectDefaults.AuthenticationScheme) .AddMicrosoftIdentityWebApp(builder.Configuration.GetSection("AzureAd")) .EnableTokenAcquisitionToCallDownstreamApi() .AddInMemoryTokenCaches() .Services.Configure<OpenIdConnectOptions>(OpenIdConnectDefaults.AuthenticationScheme, options => { Uri baseUri = new Uri(azureAdOptions.Instance); Uri metadataUri = new Uri(baseUri, $"/{azureAdOptions.TenantId}/v2.0/.well-known/openid-configuration?appid={options.ClientId}"); options.MetadataAddress = metadataUri.ToString(); options.Events = new OpenIdConnectEvents { OnAuthenticationFailed = context => { context.HandleResponse(); context.Response.Redirect("/Error?message=" + context.Exception.Message); return Task.CompletedTask; }, OnTokenValidated = context => { return Task.CompletedTask; }, OnRedirectToIdentityProvider = context => { var defaultSite = builder.Configuration["DefaultSite"]?.ToString(); context.ProtocolMessage.RedirectUri = $"{defaultSite}/signin-oidc"; return Task.CompletedTask; } }; });