RequireHttpsMetadata only used for JWT

[thijscrombeen]

Is it by design that RequireHttpsMetadata is only used when dealing with JWT tokens?

In case of Reference Tokens this property is not used. The following error is returned: InvalidOperationException: Error parsing discovery document from http://identity-server.local:8080/.well-known/openid-configuration: Error connecting to http://identity-server.local:8080/.well-known/openid-configuration: HTTPS required

I guess this is simple solved by adding: introspectionOptions.DiscoveryPolicy.RequireHttps = RequireHttpsMetadata;

Thanks,

[leastprivilege]

Good point. Done on dev.