diff --git a/src/Security/Authentication/OAuth/src/LoggingExtensions.cs b/src/Security/Authentication/OAuth/src/LoggingExtensions.cs new file mode 100644 index 0000000000..41435ceb51 --- /dev/null +++ b/src/Security/Authentication/OAuth/src/LoggingExtensions.cs @@ -0,0 +1,23 @@ +// Copyright (c) .NET Foundation. All rights reserved. +// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information. + +using System; + +namespace Microsoft.Extensions.Logging +{ + internal static class LoggingExtensions + { + private static Action _handleChallenge; + + static LoggingExtensions() + { + _handleChallenge = LoggerMessage.Define( + eventId: new EventId(1, "HandleChallenge"), + logLevel: LogLevel.Debug, + formatString: "HandleChallenge with Location: {Location}; and Set-Cookie: {Cookie}."); + } + + public static void HandleChallenge(this ILogger logger, string location, string cookie) + => _handleChallenge(logger, location, cookie, null); + } +} diff --git a/src/Security/Authentication/OAuth/src/OAuthHandler.cs b/src/Security/Authentication/OAuth/src/OAuthHandler.cs index 05ba4df68d..8bbe34f4b0 100644 --- a/src/Security/Authentication/OAuth/src/OAuthHandler.cs +++ b/src/Security/Authentication/OAuth/src/OAuthHandler.cs @@ -14,6 +14,7 @@ using Microsoft.AspNetCore.WebUtilities; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; using Microsoft.Extensions.Primitives; +using Microsoft.Net.Http.Headers; using Newtonsoft.Json.Linq; namespace Microsoft.AspNetCore.Authentication.OAuth 
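Review bot: `HandleChallenge` in the new OAuth `LoggingExtensions.cs` has no comment saying that `location` and `cookie` are raw response header values, so someone enabling Debug for this category gets no hint that the event may hold cookie and redirect-URL material. A one-line comment above the method would cover it, for example `// Debug only: writes the Location and Set-Cookie response headers verbatim; treat the output as sensitive.` The identical method added to the OpenIdConnect `LoggingExtensions.cs` later in this diff wants the same comment.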
@@ -215,6 +216,18 @@ namespace Microsoft.AspNetCore.Authentication.OAuth Context, Scheme, Options, properties, authorizationEndpoint); await Events.RedirectToAuthorizationEndpoint(redirectContext); + + var location = Context.Response.Headers[HeaderNames.Location]; + if (location == StringValues.Empty) + { + location = "(not set)"; + } + var cookie = Context.Response.Headers[HeaderNames.SetCookie]; + if (cookie == StringValues.Empty) + { + cookie = "(not set)"; + } + Logger.HandleChallenge(location, cookie); } protected virtual string BuildChallengeUrl(AuthenticationProperties properties, string redirectUri) diff --git a/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs b/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs index 2994982521..791eb6064b 100644 --- a/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs +++ b/src/Security/Authentication/OpenIdConnect/src/LoggingExtensions.cs @@ -56,6 +56,7 @@ namespace Microsoft.Extensions.Logging private static Action _remoteSignOutSessionIdMissing; private static Action _remoteSignOutSessionIdInvalid; private static Action _authenticationSchemeSignedOut; + private static Action _handleChallenge; static LoggingExtensions() { @@ -260,6 +261,10 @@ namespace Microsoft.Extensions.Logging formatString: "RedirectToSignedOutRedirectUri.Skipped"); // EventId 52 is used by ResponseErrorWithStatusCode + _handleChallenge = LoggerMessage.Define( + eventId: new EventId(53, "HandleChallenge"), + logLevel: LogLevel.Debug, + formatString: "HandleChallenge with Location: {Location}; and Set-Cookie: {Cookie}."); } public static void UpdatingConfiguration(this ILogger logger) @@ -506,5 +511,8 @@ namespace Microsoft.Extensions.Logging { _authenticationSchemeSignedOut(logger, authenticationScheme, null); } + + public static void HandleChallenge(this ILogger logger, string location, string cookie) + => _handleChallenge(logger, location, cookie, null); } } 
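Review bot: `Context.Response.Headers[HeaderNames.SetCookie]` in the added OAuthHandler block returns every Set-Cookie value on the response, so the Debug event can contain any cookie another component appended to this response, not only the ones this handler writes. `Location` is likewise logged with its full query string. Logs usually have a wider audience and longer retention than the response itself, so I would redact the value portion of each cookie, since the name and attributes are presumably enough to diagnose a challenge. At minimum, add `// Logged verbatim at Debug; may contain cookie values and the authorization request query.` above the block. The OpenIdConnectHandler hunk later in this diff has the same block, and the enclosing method starts outside this hunk.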
diff --git a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs index dddb10dda5..fe6a03a3ea 100644 --- a/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs +++ b/src/Security/Authentication/OpenIdConnect/src/OpenIdConnectHandler.cs @@ -16,6 +16,7 @@ using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.Extensions.Logging; using Microsoft.Extensions.Options; +using Microsoft.Extensions.Primitives; using Microsoft.IdentityModel.Protocols.OpenIdConnect; using Microsoft.IdentityModel.Tokens; using Microsoft.Net.Http.Headers; @@ -304,6 +305,22 @@ namespace Microsoft.AspNetCore.Authentication.OpenIdConnect /// /// protected override async Task HandleChallengeAsync(AuthenticationProperties properties) + { + await HandleChallengeAsyncInternal(properties); + var location = Context.Response.Headers[HeaderNames.Location]; + if (location == StringValues.Empty) + { + location = "(not set)"; + } + var cookie = Context.Response.Headers[HeaderNames.SetCookie]; + if (cookie == StringValues.Empty) + { + cookie = "(not set)"; + } + Logger.HandleChallenge(location, cookie); + } + + private async Task HandleChallengeAsyncInternal(AuthenticationProperties properties) { Logger.EnteringOpenIdAuthenticationHandlerHandleUnauthorizedAsync(GetType().FullName);
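Review bot: The two header reads and the `StringValues`-to-`string` conversion in the new `HandleChallengeAsync` wrapper run on every challenge, even when Debug logging is off; as far as I can tell only the final write is skipped in that case. Wrapping the block in `if (Logger.IsEnabled(LogLevel.Debug))` avoids that work and keeps the header values from being materialised at all in normal operation. The same block appears in the OAuthHandler hunk earlier in this diff, so a small shared helper would keep the two copies in step. The body of `HandleChallengeAsyncInternal` continues outside the hunk.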