Closed JamesDunlop closed 7 years ago
Hi @JamesDunlop, I'm your friendly neighborhood .NET Foundation Pull Request Bot (You can call me DNFBOT). Thanks for your contribution! In order for us to evaluate and accept your PR, we ask that you sign a contribution license agreement. It's all electronic and will take just minutes. I promise there's no faxing. https://cla2.dotnetfoundation.org.
TTYL, DNFBOT;
@JamesDunlop, Thanks for signing the contribution license agreement so quickly! Actual humans will now validate the agreement and then evaluate the PR.
Thanks, DNFBOT;
This would be totally possible simply by using the back-channel handler. Or am I missing something?
@leastprivilege I missed commenting prior to the closure of this PR.
The reason for this additional mutator, is that the back-channel handler does not have access to the incoming context.
By contrast the mutator is passed the AuthenticationTokenReceivedContext, and therefore has the ability to interrogate this context. Useful items like incoming HTTP headers can be parsed from the context and then passed along on the back channel request.
For example this allows adding custom headers to the token validation back-channel request to Identity Server.
One use case is to track the edge request origin and scheme when passing through authenticated requests behind a load balanceer.