IdentityServer4
CustomRedirectResult not IsLocalUrl duplicate IdentityServerBasePath
Issue / Steps to reproduce the problem
I implemented a custom AuthorizeInteractionResponseGenerator and added it at startup using AddAuthorizeInteractionResponseGenerator().
My custom AuthorizeInteractionResponseGenerator looks something like this Example. However, the RedirectUrl is not a local URL. This creates the problem.
In CustomRedirectResult.ExecuteAsync, the IdentityServerBasePath is appended both by context.GetIdentityServerBasePath() and again by context.GetIdentityServerBaseUrl(). This generates an invalid returnUrl.
This problem does not occur with LoginPageResult and ConsentPageResult, because the context.GetIdentityServerHost() function is used instead of context.GetIdentityServerBaseUrl().
Differences
```csharp
var returnUrl = context.GetIdentityServerBasePath().EnsureTrailingSlash() + Constants.ProtocolRoutePaths.Authorize;
returnUrl = returnUrl.AddQueryString(_request.Raw.ToQueryString());
if (!_url.IsLocalUrl())
{
    // this converts the relative redirect path to an absolute one if we're
    // redirecting to a different server
    returnUrl = context.GetIdentityServerBaseUrl().EnsureTrailingSlash() + returnUrl.RemoveLeadingSlash();
}
```

```csharp
var returnUrl = context.GetIdentityServerBasePath().EnsureTrailingSlash() + Constants.ProtocolRoutePaths.AuthorizeCallback;
...
var loginUrl = _options.UserInteraction.LoginUrl;
if (!loginUrl.IsLocalUrl())
{
    // this converts the relative redirect path to an absolute one if we're
    // redirecting to a different server
    returnUrl = context.GetIdentityServerHost().EnsureTrailingSlash() + returnUrl.RemoveLeadingSlash();
}
```
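The duplication described in the issue, reproduced outside IdentityServer4 as an added example (not part of the original issue or the project's code). The helper bodies, `BaseUrl`, and the sample host, base path and route are assumptions; in particular it assumes the base URL is the host plus the base path, as the issue describes.

```csharp
using System;

// Stand-ins for the helpers named in the issue; NOT IdentityServer4's own code.
static class UrlSketch
{
    public static string EnsureTrailingSlash(this string s) =>
        s.EndsWith("/", StringComparison.Ordinal) ? s : s + "/";

    public static string RemoveLeadingSlash(this string s) =>
        s.StartsWith("/", StringComparison.Ordinal) ? s.Substring(1) : s;

    // Assumption: base URL = host + base path.
    public static string BaseUrl(string host, string basePath) => host + basePath;

    // Mirrors the CustomRedirectResult snippet: prefixes with the base URL,
    // although returnUrl already starts with the base path.
    public static string ViaBaseUrl(string host, string basePath, string route)
    {
        var returnUrl = basePath.EnsureTrailingSlash() + route;
        return BaseUrl(host, basePath).EnsureTrailingSlash() + returnUrl.RemoveLeadingSlash();
    }

    // Mirrors the LoginPageResult snippet: prefixes with the host only.
    public static string ViaHost(string host, string basePath, string route)
    {
        var returnUrl = basePath.EnsureTrailingSlash() + route;
        return host.EnsureTrailingSlash() + returnUrl.RemoveLeadingSlash();
    }

    // Regression check: a non-empty base path must not appear twice in a row.
    public static bool BasePathDuplicated(string url, string basePath) =>
        basePath.Length > 0 &&
        new Uri(url).AbsolutePath.StartsWith(basePath + basePath, StringComparison.Ordinal);
}

static class Program
{
    static void Main()
    {
        // Constructed sample values.
        const string host = "https://sts.example.test";
        const string basePath = "/identity";
        const string route = "connect/authorize";

        foreach (var url in new[] { UrlSketch.ViaBaseUrl(host, basePath, route),
                                    UrlSketch.ViaHost(host, basePath, route) })
            Console.WriteLine($"{url}  duplicated={UrlSketch.BasePathDuplicated(url, basePath)}");
    }
}
```

A check like `BasePathDuplicated` is only meaningful when the server is hosted under a non-empty base path, which is also the only deployment where the duplication shows up.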