Looping Login Error

[RacerDelux]

IdentityServer version

7.0.6

.NET version

net8.0

Description

Having a curious issue in production (and once in stage)

Some users are getting looping logins. Below is a video of what that looks like as well as the exception it was throwing.
The only fix we have managed to get so far is to make a new user. Clearing out their server side session, clearing cookies, changing devices, restarting the server - none of this works. User data looks just fine as well.

We have 1000s of successful logins, this is only affecting a small group.

example.mp4

<Events><Event><System><Provider Name=".NET Runtime"/><EventID>1000</EventID><Level>1</Level><Task>0</Task><Keywords>Keywords</Keywords><TimeCreated SystemTime="2025-03-11T19:20:33Z"/><EventRecordID>496276218</EventRecordID><Channel>Application</Channel><Computer>AW0SDWK000001</Computer><Security/></System><EventData><Data>Category: Duende.IdentityServer.Hosting.IdentityServerMiddleware
EventId: 0
SpanId: 9e5133803f9ddc41
TraceId: cbc2a64b6a8efcf6a928fa5d0e600373
ParentId: ceef79a1e2934ed5
RequestId: 400000c2-0000-dc00-b63f-84710c7967bb
RequestPath: /connect/userinfo

Unhandled exception: Index and length must refer to a location within the string. (Parameter 'length')

Exception: 
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string. (Parameter 'length')
   at System.String.ThrowSubstringArgumentOutOfRange(Int32 startIndex, Int32 length)
   at DG.Identity.Application.Identity.Services.ProfileService.GetProfileDataAsync(ProfileDataRequestContext context)
   at Duende.IdentityServer.ResponseHandling.UserInfoResponseGenerator.ProcessAsync(UserInfoRequestValidationResult validationResult) in /_/src/IdentityServer/ResponseHandling/Default/UserInfoResponseGenerator.cs:line 82
   at Duende.IdentityServer.Endpoints.UserInfoEndpoint.ProcessUserInfoRequestAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/UserInfoEndpoint.cs:line 91
   at Duende.IdentityServer.Endpoints.UserInfoEndpoint.ProcessAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/UserInfoEndpoint.cs:line 62
   at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 106
</Data></EventData></Event><Event><System><Provider Name=".NET Runtime"/><EventID>1000</EventID><Level>1</Level><Task>0</Task><Keywords>Keywords</Keywords><TimeCreated SystemTime="2025-03-11T19:20:33Z"/><EventRecordID>496276218</EventRecordID><Channel>Application</Channel><Computer>AW0SDWK000001</Computer><Security/></System><EventData><Data>Category: Microsoft.AspNetCore.Server.IIS.Core.IISHttpServer
EventId: 2
SpanId: 9e5133803f9ddc41
TraceId: cbc2a64b6a8efcf6a928fa5d0e600373
ParentId: ceef79a1e2934ed5
RequestId: 400000c2-0000-dc00-b63f-84710c7967bb
RequestPath: /connect/userinfo

Connection ID "15852670689149452293", Request ID "400000c2-0000-dc00-b63f-84710c7967bb": An unhandled exception was thrown by the application.

Exception: 
System.ArgumentOutOfRangeException: Index and length must refer to a location within the string. (Parameter 'length')
   at System.String.ThrowSubstringArgumentOutOfRange(Int32 startIndex, Int32 length)
   at DG.Identity.Application.Identity.Services.ProfileService.GetProfileDataAsync(ProfileDataRequestContext context)
   at Duende.IdentityServer.ResponseHandling.UserInfoResponseGenerator.ProcessAsync(UserInfoRequestValidationResult validationResult) in /_/src/IdentityServer/ResponseHandling/Default/UserInfoResponseGenerator.cs:line 82
   at Duende.IdentityServer.Endpoints.UserInfoEndpoint.ProcessUserInfoRequestAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/UserInfoEndpoint.cs:line 91
   at Duende.IdentityServer.Endpoints.UserInfoEndpoint.ProcessAsync(HttpContext context) in /_/src/IdentityServer/Endpoints/UserInfoEndpoint.cs:line 62
   at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 106
   at Duende.IdentityServer.Hosting.IdentityServerMiddleware.Invoke(HttpContext context, IdentityServerOptions options, IEndpointRouter router, IUserSession userSession, IEventService events, IIssuerNameService issuerNameService, ISessionCoordinationService sessionCoordinationService) in /_/src/IdentityServer/Hosting/IdentityServerMiddleware.cs:line 128
   at Duende.IdentityServer.Hosting.MutualTlsEndpointMiddleware.Invoke(HttpContext context, IAuthenticationSchemeProvider schemes) in /_/src/IdentityServer/Hosting/MutualTlsEndpointMiddleware.cs:line 95
   at Microsoft.AspNetCore.Authentication.AuthenticationMiddleware.Invoke(HttpContext context)
   at Duende.IdentityServer.Hosting.DynamicProviders.DynamicSchemeAuthenticationMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/DynamicProviders/DynamicSchemes/DynamicSchemeAuthenticationMiddleware.cs:line 51
   at Duende.IdentityServer.Hosting.BaseUrlMiddleware.Invoke(HttpContext context) in /_/src/IdentityServer/Hosting/BaseUrlMiddleware.cs:line 27
   at Microsoft.AspNetCore.Server.IIS.Core.IISHttpContextOfT`1.ProcessRequestAsync()
</Data></EventData></Event><Event><System><Provider Name=".NET Runtime"/><EventID>1000</EventID><Level>1</Level><Task>0</Task><Keywords>Keywords</Keywords><TimeCreated SystemTime="2025-03-11T19:20:34Z"/><EventRecordID>496277000</EventRecordID><Channel>Application</Channel><Computer>AW0SDWK000001</Computer><Security/></System><EventData><Data>Category: Duende.IdentityServer.Hosting.IdentityServerMiddleware
EventId: 0
SpanId: b62bec7292597c9c
TraceId: c4bff7f9a2ecfd2bc6bff7379d76f80f
ParentId: d1e8a5dbce817f2c
RequestId: 400000dd-0000-e400-b63f-84710c7967bb
RequestPath: /connect/userinfo

Reproduction steps

No response

Expected behavior

No response

Logs

No response

Additional context

No response