1
votes

I'm getting started with Identity Server 4 (under ASP.NET Core) using the Implicit flow to secure an Angular 2 front end (to Web API services).

Using the oidc-client JS library, I can successfully redirect from the sample's default page to my login page, have the user authenticate, then redirect (via /connect/authorize) back to the Angular site's callback.

If a user browses directly to my authentication login page (rather than the Angular home page), I can then authenticate, but have nowhere to redirect to. If I redirect manually to the auth server's /connect/authorize page, the OIDC Client reports "No matching state found in storage". (Presumably, the OIDC Client is persisting something locally to verify the response against the original request?).

An obvious solution is for the Auth server to redirect any requests without a redirect specified to the Angular client, which could then redirect back to the Auth server as normal. That feels like a lot of round trips though.


1 Answer

3
votes

Yes - because this is not how it works. The authentication flow starts at the client application - not the identity provider.

An OpenID Connect provider typically has more than one client - so it needs contextual information (aka a valid OIDC authorize request).

If you want the journey to start at the provider you need to do something like you proposed - but once you have a 2nd client you need to be smarter about that (e.g. a selection screen etc.).