IdentityServer / IdentityServer4.AccessTokenValidation

IdentityServer Access Token Validation for ASP.NET Core
Apache License 2.0

Add ValidateIssuer property to IdentityServerAuthenticationOptions #103

Closed DavidLievrouw closed 6 years ago

DavidLievrouw commented 6 years ago

Use case: I want to set introspectionOptions.DiscoveryPolicy.ValidateIssuerName to false, when validating reference tokens.

The overload of the extension method "AddIdentityServerAuthentication" that accepts IdentityServerAuthenticationOptions does not allow me to set that.

Using the overload that accepts JwtBearerOptions and OAuth2IntrospectionOptions does, but that requires me to duplicate the code in "IdentityServerAuthenticationOptions.ConfigureJwtBearer" and "IdentityServerAuthenticationOptions.ConfigureIntrospection" internal methods, into my project startup.

I would suggest adding the ValidateIssuer property to IdentityServerAuthenticationOptions.

leastprivilege commented 6 years ago

They are both called ValidateIssuer - but do different things.

Yeah, it is tricky providing a combined options object. I'd rather expose the DiscoveryPolicy directly than do this.

If you have a better idea - I am open to suggestions.

DavidLievrouw commented 6 years ago

I use a workaround by implementing IConfigureNamedOptions, in which I can do any additional configuration, which I can't using the overload that accepts IdentityServerAuthenticationOptions:

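using IdentityModel.AspNetCore.OAuth2Introspection;
using Microsoft.Extensions.Options;

public class ConfigureOAuth2IntrospectionOptions : IConfigureNamedOptions<OAuth2IntrospectionOptions> {
  // Turns off issuer name validation in the discovery policy used for introspection.
  public void Configure(OAuth2IntrospectionOptions options) {
    options.DiscoveryPolicy.ValidateIssuerName = false;
  }

  // Called for each named options instance; the name is ignored, so the setting applies to all of them.
  public void Configure(string name, OAuth2IntrospectionOptions options) {
    Configure(options);
  }
}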

and registering it during startup:

public void ConfigureServices(IServiceCollection services) {
  // Register the configurer so the options framework applies it to OAuth2IntrospectionOptions.
  services.AddSingleton<IConfigureOptions<OAuth2IntrospectionOptions>, ConfigureOAuth2IntrospectionOptions>();
  ...
}

Also a clean solution, imho. Thanks.

leastprivilege commented 6 years ago

FWIW - I added the DiscoveryPolicy as a top level property now.
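
Added example, not part of the thread or the project's code: with `DiscoveryPolicy.ValidateIssuerName` set to `false` as in the workaround above, the issuer in the discovery document can still be compared explicitly against a value pinned in configuration. The class name, the `expectedIssuer` parameter and the sample documents are assumptions constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text.Json;

public static class DiscoveryIssuerCheck
{
    // Returns the problems found; an empty list means the document passed.
    // expectedIssuer is a value pinned in configuration (assumption).
    public static IReadOnlyList<string> Validate(string discoveryJson, string expectedIssuer)
    {
        var errors = new List<string>();
        using var doc = JsonDocument.Parse(discoveryJson);
        var root = doc.RootElement;

        // Issuer: exact, case-sensitive match against the pinned value.
        if (!root.TryGetProperty("issuer", out var iss) || iss.ValueKind != JsonValueKind.String)
            errors.Add("issuer is missing");
        else if (!string.Equals(iss.GetString(), expectedIssuer, StringComparison.Ordinal))
            errors.Add($"issuer '{iss.GetString()}' does not match '{expectedIssuer}'");

        // Introspection endpoint: must be present and an absolute https URL,
        // since the API sends its client secret and the token there.
        if (!root.TryGetProperty("introspection_endpoint", out var ep) || ep.ValueKind != JsonValueKind.String)
            errors.Add("introspection_endpoint is missing");
        else if (!Uri.TryCreate(ep.GetString(), UriKind.Absolute, out var uri) || uri.Scheme != Uri.UriSchemeHttps)
            errors.Add("introspection_endpoint is not an absolute https URL");

        return errors;
    }

    public static void Main()
    {
        // Constructed discovery documents, not captured from a real server.
        const string good = @"{""issuer"":""https://login.example.com"",
            ""introspection_endpoint"":""https://sts.internal.example/connect/introspect""}";
        const string bad = @"{""issuer"":""https://other.example.com"",
            ""introspection_endpoint"":""http://sts.internal.example/connect/introspect""}";

        foreach (var json in new[] { good, bad })
        {
            var errors = Validate(json, "https://login.example.com");
            Console.WriteLine(errors.Count == 0 ? "ok" : string.Join("; ", errors));
        }
    }
}
```

Running the check once at startup and refusing to start on a non-empty result keeps a mismatched issuer from passing silently while the built-in name check is off.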