Log (info level) if OIDC state data formatter is enabled with in memo…

…ry distributed cache

src/IdentityServer/Configuration/DependencyInjection/ConfigureOpenIdConnectOptions.cs

@@ -4,6 +4,9 @@
 
 using Duende.IdentityServer.Infrastructure;
 using Microsoft.AspNetCore.Authentication.OpenIdConnect;
+using Microsoft.Extensions.Caching.Distributed;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using System;
 using System.Linq;
@@ -21,12 +24,26 @@ public ConfigureOpenIdConnectOptions(string[] schemes, IServiceProvider serviceP
         _serviceProvider = serviceProvider ?? throw new ArgumentNullException(nameof(serviceProvider));
     }
 
+    private static bool warnedInMemory = false;
+
     public void PostConfigure(string name, OpenIdConnectOptions options)
     {
         // no schemes means configure them all
         if (_schemes.Length == 0 || _schemes.Contains(name))
         {
             options.StateDataFormat = new DistributedCacheStateDataFormatter(_serviceProvider, name);
         }
+
+        var distributedCacheService = _serviceProvider.GetRequiredService<IDistributedCache>();
+
+        if (distributedCacheService is MemoryDistributedCache && !warnedInMemory)
+        {
+            var logger = _serviceProvider
+                .GetRequiredService<ILogger<ConfigureOpenIdConnectOptions>>();
+
+            logger.LogInformation("You have enabled the OidcStateDataFormatterCache but the distributed cache registered is the default memory based implementation. This will store any OIDC state in memory on the server that initiated the request. If the response is processed on another server it will fail. If you are running in production, you want to switch to a real distributed cache that is shared between all nodes.");
+
+            warnedInMemory = true;
+        }
     }
 }