Open pbartos opened 8 years ago
Have you tried adding idsrv to the restriction list?
Yeah, of course. And it works. The restriction list should be used only for external providers (by @brockallen). There is no reason that you should also have to define idsrv in the restriction list. It's nothing critical, but it causes confusion and small problems when you try to use the restriction list.
@pbartos I took the liberty of adding your proposed solution including a unit test in PR #3673
When I enable IdentityProviderRestrictions, I get the message "User is logged in with idp: idsrv, but idp not in client restriction list." on local login. This is due to the fact that in ProcessClientLoginAsync the restriction list is checked even when the currentIdp is BuiltInIdentityProvider (idsrv).
Shouldn't there be:
if (currentIdp != Constants.BuiltInIdentityProvider && request.Client.IdentityProviderRestrictions != null && request.Client.IdentityProviderRestrictions.Any())
instead of current:
if (request.Client.IdentityProviderRestrictions != null && request.Client.IdentityProviderRestrictions.Any())
Thanks.
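The two conditions quoted above, compared side by side in an added example that is not part of the original thread or the project's code. The Client class, the helper names, and the provider names "Google" and "Facebook" are hypothetical, and the Contains test inside the check is an assumption inferred from the error message.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-in for the client model; only the property named in the thread.
class Client
{
    public List<string> IdentityProviderRestrictions { get; set; }
}

static class IdpRestrictionDemo
{
    // Value the thread gives for Constants.BuiltInIdentityProvider.
    const string BuiltInIdentityProvider = "idsrv";

    // Condition currently guarding the check, as quoted in the thread.
    static bool CurrentCheckApplies(Client c, string currentIdp) =>
        c.IdentityProviderRestrictions != null && c.IdentityProviderRestrictions.Any();

    // Condition proposed in the thread: never apply the list to the built-in provider.
    static bool ProposedCheckApplies(Client c, string currentIdp) =>
        currentIdp != BuiltInIdentityProvider && CurrentCheckApplies(c, currentIdp);

    // Assumption: once the check applies, the idp must appear in the list.
    static bool Allowed(bool checkApplies, Client c, string currentIdp) =>
        !checkApplies || c.IdentityProviderRestrictions.Contains(currentIdp);

    static void Main()
    {
        // Constructed sample clients: one restricted to a single external provider, one unrestricted.
        var restricted = new Client { IdentityProviderRestrictions = new List<string> { "Google" } };
        var open = new Client();

        var cases = new (string Label, Client Client, string Idp)[]
        {
            ("restricted", restricted, BuiltInIdentityProvider), // local login, the reported case
            ("restricted", restricted, "Google"),                // listed external provider
            ("restricted", restricted, "Facebook"),              // unlisted external provider
            ("open", open, BuiltInIdentityProvider),             // no restriction list at all
        };

        foreach (var (label, client, idp) in cases)
        {
            bool now = Allowed(CurrentCheckApplies(client, idp), client, idp);
            bool proposed = Allowed(ProposedCheckApplies(client, idp), client, idp);
            Console.WriteLine($"{label,-10} idp={idp,-8} current={now,-5} proposed={proposed}");
        }
    }
}
```

Only the local-login row differs between the two columns; the unlisted external provider is rejected under both conditions, so the proposed change does not widen which external providers a client accepts.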