Closed mangelarilla closed 7 years ago
Yes - that probably doesn't work.
You could fall back to the IntrospectionClient class in IdentityModel and write your own middleware to accommodate that scenario.
I followed your advice and I've built a middleware for the Introspection endpoint. I guess this has to replace the app.UseIdentityServerAuthentication, but I think I've missed something related to NopAuthenticationMiddleware, as I get a 404 in the response when I try to send an expired token (not valid) and the IDSRV logs tell me Bearer was not authenticated, No token found (from the NopAuthenticationMiddleware).
The middleware, rather simple now, no caching and few checks, just for making it work: Gist
Logs:
Microsoft.AspNetCore.Hosting.Internal.WebHost:Information: Request starting HTTP/1.1 POST http://localhost:44340/ application/x-www-form-urlencoded 231
IdentityServer4.AccessTokenValidation.Infrastructure.NopAuthenticationMiddleware:Information: Bearer was not authenticated. Failure message: No token found.
OK, found the problem. I was making a bad assumption about the endpoint, and connect/introspect was not being added to the path, causing all these troubles. Updated the gist: Gist
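An introspection middleware of the kind discussed above, as an added example that is not the gist linked in this thread and not the project's own code. It assumes ASP.NET Core and IdentityModel 3.x (where IntrospectionResponse.Claims is IEnumerable<Claim>); the class name, constructor parameters and the 503 mapping are choices made for this example.

```csharp
// Added example. Assumes IdentityModel 3.x and ASP.NET Core; all names are hypothetical.
using System;
using System.Security.Claims;
using System.Threading.Tasks;
using IdentityModel.Client;
using Microsoft.AspNetCore.Http;

public class IntrospectionMiddleware
{
    private const string Scheme = "Bearer ";
    private readonly RequestDelegate _next;
    private readonly IntrospectionClient _client;

    public IntrospectionMiddleware(RequestDelegate next, string authority, string apiName, string apiSecret)
    {
        _next = next;
        // The client needs the full endpoint URL, not the bare authority:
        // leaving out connect/introspect produces the 404 described in this thread.
        var endpoint = authority.TrimEnd('/') + "/connect/introspect";
        _client = new IntrospectionClient(endpoint, apiName, apiSecret);
    }

    public async Task Invoke(HttpContext context)
    {
        string header = context.Request.Headers["Authorization"];
        if (string.IsNullOrEmpty(header) || !header.StartsWith(Scheme, StringComparison.OrdinalIgnoreCase))
        {
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            return;
        }

        var token = header.Substring(Scheme.Length).Trim();
        var response = await _client.SendAsync(new IntrospectionRequest { Token = token });

        if (response.IsError)
        {
            // Wrong endpoint path, unreachable server or bad API credentials:
            // a configuration fault, so fail closed and keep it distinct from a bad token.
            context.Response.StatusCode = StatusCodes.Status503ServiceUnavailable;
            return;
        }
        if (!response.IsActive)
        {
            // Expired, revoked or unknown token: the server answers active=false.
            context.Response.StatusCode = StatusCodes.Status401Unauthorized;
            context.Response.Headers["WWW-Authenticate"] = "Bearer error=\"invalid_token\"";
            return;
        }

        context.User = new ClaimsPrincipal(new ClaimsIdentity(response.Claims, "Bearer", "name", "role"));
        await _next(context);
    }
}
```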
I am using a custom MessageHandler for the IntrospectionBackChannelHandler configuration property.
The thing is that I am trying to add a custom header to the introspection request based on a header of the client request to the resource, but I cannot access the client request, not even via IHttpContextAccessor; it seems to be executed before this context is populated.