Social login only works first time is user does not complete registration

[mikes-gh]

Using the individual logins template.

I find if the user logs in with facebook or google (and maybe others) provider login completes successfully but if the user does not complete the registration i.e. .clicks back or clicks somewhere else - the next time they try the social login it fails with an access denied. It seems they have to wait for the IdentityExternal cookie to expire before they can try again,
If its not there it all works.
If I delete the cookie in google dev tools and try again it works straight away.

Its not uncommon for users to click anywhere they like or use the back button and I doubt they will wait for the cookie to expire and try again later.

PS My template was from RC2 so I may be missing something.
I did look at the source and cross reference my template and Ive put a few hours into trying to solve this.

Hope its a simple miss.

I attach the logs of when the user attempts to login after backing out of registration.
Note the forbidden logs.

info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 POST http://localhost:5000/customer/default/Account/ExternalLogin application/x-www-form-urlencoded 198
dbug: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[1]
      POST requests are not supported
dbug: Microsoft.AspNetCore.Routing.RouteConstraintMatcher[1]
      Route value 'default' with key 'tradingcompany' did not match the constraint 'Microsoft.AspNetCore.Routing.Constraints.RegexInlineRouteConstraint'.
dbug: Microsoft.AspNetCore.Routing.RouteBase[1]
      Request successfully matched the route with name 'notradingCompany' and template '{tradingcompany=default}/{controller=Home}/{action=Index}/{id?}'.
dbug: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action Reports.Controllers.AccountController.ExternalLogin (Reports)
dbug: Microsoft.AspNetCore.Antiforgery.Internal.DefaultAntiforgery[2]
      Antiforgery successfully validated a request.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[1]
      Executing action method Reports.Controllers.AccountController.ExternalLogin (Reports) with arguments (Google, ) - ModelState is Valid
dbug: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action method Reports.Controllers.AccountController.ExternalLogin (Reports), returned result Microsoft.AspNetCore.Mvc.ChallengeResult.
info: Microsoft.AspNetCore.Mvc.ChallengeResult[1]
      Executing ChallengeResult with authentication schemes (Google).
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[8]
      AuthenticationScheme: Identity.External was successfully authenticated.
info: Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationMiddleware[13]
      AuthenticationScheme: Identity.External was forbidden.
info: Microsoft.AspNetCore.Authentication.Google.GoogleMiddleware[13]
      AuthenticationScheme: Google was forbidden.
info: Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker[2]
      Executed action Reports.Controllers.AccountController.ExternalLogin (Reports) in 15434.0834ms
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 15515.3863ms 302
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
      Connection id "0HKTVL5U2IIFU" completed keep alive response.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[1]
      Request starting HTTP/1.1 GET http://localhost:5000/customer/Account/AccessDenied?ReturnUrl=%2Fcustomer%2Fdefault%2FAccount%2FExternalLoginCallback
dbug: Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware[4]
      The request path /Account/AccessDenied does not match a supported file type
dbug: Microsoft.AspNetCore.Routing.RouteConstraintMatcher[1]
      Route value 'Account' with key 'tradingcompany' did not match the constraint 'Microsoft.AspNetCore.Routing.Constraints.RegexInlineRouteConstraint'.
dbug: Microsoft.AspNetCore.Routing.RouteBase[1]
      Request successfully matched the route with name 'notradingCompany' and template '{tradingcompany=default}/{controller=Home}/{action=Index}/{id?}'.
dbug: Microsoft.AspNetCore.Mvc.Internal.MvcRouteHandler[3]
      No actions matched the current request
dbug: Microsoft.AspNetCore.Builder.RouterMiddleware[1]
      Request did not match any routes.
info: Microsoft.AspNetCore.Hosting.Internal.WebHost[2]
      Request finished in 38.4174ms 404
dbug: Microsoft.AspNetCore.Server.Kestrel[9]
      Connection id "0HKTVL5U2IIFU" completed keep alive response.
dbug: Microsoft.AspNetCore.Server.Kestrel[6]
      Connection id "0HKTVL5U2IIFU" received FIN.
dbug: Microsoft.AspNetCore.Server.Kestrel[10]
      Connection id "0HKTVL5U2IIFU" disconnecting.
dbug: Microsoft.AspNetCore.Server.Kestrel[7]
      Connection id "0HKTVL5U2IIFU" sending FIN.
dbug: Microsoft.AspNetCore.Server.Kestrel[8]
      Connection id "0HKTVL5U2IIFU" sent FIN with status "0".
dbug: Microsoft.AspNetCore.Server.Kestrel[2]
      Connection id "0HKTVL5U2IIFU" stopped.

[Tratcher]

duplicate of aspnet/Identity#915