From 845d428e0b250c31d85316b88b49d83ea5b6cb9a Mon Sep 17 00:00:00 2001
From: Joe DeCock
Date: Fri, 31 May 2024 14:04:49 -0500
Subject: [PATCH] Move max age 0 check earlier in pipeline
---
 .../AuthorizeInteractionResponseGenerator.cs | 14 ++++++++------
 .../Endpoints/Authorize/AuthorizeTests.cs | 2 +-
 2 files changed, 9 insertions(+), 7 deletions(-)
diff --git a/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs b/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
index f87016edb..efed78c95 100644
--- a/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
+++ b/src/IdentityServer/ResponseHandling/Default/AuthorizeInteractionResponseGenerator.cs
@@ -181,6 +181,14 @@ protected internal virtual async Task ProcessLoginAsync(Val
 return new InteractionResponse { IsLogin = true };
 }
+ if (request.MaxAge == 0)
+ {
+ Logger.LogInformation("Showing login: request contains max_age=0.");
+ // Remove the max_age=0 parameter to prevent (infinite) loop
+ request.RemoveMaxAge();
+ return new InteractionResponse { IsLogin = true };
+ }
+
 // unauthenticated user
 var isAuthenticated = request.Subject.IsAuthenticated();
@@ -244,12 +252,6 @@ protected internal virtual async Task ProcessLoginAsync(Val
 var authTime = request.Subject.GetAuthenticationTime();
 if (Clock.UtcNow.UtcDateTime > authTime.AddSeconds(request.MaxAge.Value))
 {
- // Remove the max_age=0 parameter to prevent (infinite) loop
- if (request.MaxAge.Value == 0)
- {
- request.RemoveMaxAge();
- }
-
 Logger.LogInformation("Showing login: Requested MaxAge exceeded.");
 return new InteractionResponse { IsLogin = true };
diff --git a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
index cc654fbe9..0b7a8f93a 100644
--- a/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
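Review bot: The comment above `request.RemoveMaxAge()` in the new `if (request.MaxAge == 0)` block gives the loop-avoidance reason but not the security consequence: once max_age is stripped, nothing visible in this diff re-checks authentication freshness when the request returns from the login page, so the re-authentication guarantee presumably rests on the login UI and on the client validating `auth_time`. I would spell that out, e.g. `// Strip max_age=0 so the post-login return does not loop; freshness is no longer enforced here afterwards, so the login UI must actually re-authenticate and clients should verify auth_time.` Because the block now sits before the `isAuthenticated` check it also applies to anonymous users, and the renamed test in AuthorizeTests.cs no longer states what happens to max_age on the return trip, so an assertion covering that trip would pin the intended behavior. ProcessLoginAsync starts and ends outside both hunks of this file.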
+++ b/test/IdentityServer.IntegrationTests/Endpoints/Authorize/AuthorizeTests.cs
@@ -1261,7 +1261,7 @@ public async Task prompt_login_should_show_login_page_and_preserve_prompt_values
 [Fact]
 [Trait("Category", Category)]
- public async Task max_age_0_should_show_login_page_and_preserve_max_age()
+ public async Task max_age_0_should_show_login_page()
 {
 await _mockPipeline.LoginAsync("bob");