Closed svrooij closed 8 years ago
We don't do any CORS work in the access token validation MW -- that's up to you.
It would be nice to have an option in the app.UseIdentityServerBearerTokenAuthentication(...)
call to say, RegisterIdentityServerCorsPolicy = true
That would then fetch all registered CORS from IdentityServer and register a CorsPolicy for it, like it does on IdentityServer3 itself.
separation of concerns.
That's separate middleware
Do you know if IdentityServer provides something like the .well-known/openid-connect for fetching the CORS? Willing to create middleware for this purpose.
I don't follow.
Can I get a JSON file with all the CORS defined in IdentityServer? Or does this need to be built as well?
IdentityServer's allowed CORS origins are for Ajax calls to its endpoints, not your web APIs' endpoints. If you want your web APIs to use the same list, then you'd have to build something to share them.
Current setup:
We want to enforce the CORS specified in the IdentityServer on the API, and not just allow every site to use it. Is this possible?
Currently we use Microsoft.Owin.Cors
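One way to restrict the API to a shared origin list with Microsoft.Owin.Cors instead of allowing every site, as an added example that is not part of the original thread or of IdentityServer. The `SharedOrigins` set and its example.com values are assumptions standing in for whatever mechanism you build to share the list with IdentityServer.

```csharp
using System;
using System.Collections.Generic;
using System.Threading.Tasks;
using System.Web.Cors;
using Microsoft.Owin;
using Microsoft.Owin.Cors;
using Owin;

public class Startup
{
    // Assumption: the same origins that are registered in IdentityServer,
    // shared with the API through configuration or a common store.
    // These values are constructed placeholders.
    private static readonly HashSet<string> SharedOrigins =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase)
        {
            "https://spa.example.com",
            "https://admin.example.com"
        };

    public void Configuration(IAppBuilder app)
    {
        var policyProvider = new CorsPolicyProvider
        {
            // Resolved per request, so a refreshed origin list takes effect
            // without restarting the API.
            PolicyResolver = request => Task.FromResult(BuildPolicy(request))
        };

        // Register CORS first so that preflight (OPTIONS) requests, which
        // carry no access token, are answered by the CORS middleware.
        app.UseCors(new CorsOptions { PolicyProvider = policyProvider });

        // app.UseIdentityServerBearerTokenAuthentication(...) and the Web API follow here.
    }

    private static CorsPolicy BuildPolicy(IOwinRequest request)
    {
        // AllowAnyOrigin stays false; only origins on the shared list are echoed back.
        var policy = new CorsPolicy { AllowAnyHeader = true, AllowAnyMethod = true };
        var origin = request.Headers.Get("Origin");
        if (origin != null && SharedOrigins.Contains(origin))
            policy.Origins.Add(origin);
        return policy;
    }
}
```

A request from an origin that is not on the list gets a policy with no allowed origins, so the middleware emits no `Access-Control-Allow-Origin` header and the browser blocks the cross-origin read.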