IdentityServer / IdentityServer4

OpenID Connect and OAuth 2.0 Framework for ASP.NET Core
https://identityserver.io
Apache License 2.0
9.23k stars 4.01k forks

Issuer URI should not be converted to lowercase #5423

Closed aristotelos closed 1 year ago

aristotelos commented 2 years ago

As reported in #1501, the issuer URI is converted to lowercase by IdentityServer in its .well-known/openid-configuration response. This is invalid behavior, because the path part of the URL is case sensitive (the host and scheme are case insensitive). See this StackOverflow post and its referred RFCs.

The fix for #1501 has been made as an option in the OpenID Connect discovery client, but that is only a workaround and not a fix for the bug that IdentityServer changes the case of its issuer.

I am currently using the "IssuerUri" option to work around this issue, but would still like to report it as a bug.
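The comparison rule described in the report above (scheme and host compared case-insensitively, path compared exactly), as an added example that is not part of the original post or of IdentityServer's or the discovery client's code. The `IssuerCheck` class, its method names and the URLs are assumptions made for illustration.

```csharp
using System;
using System.Text.Json;

// Added illustration: IssuerCheck and all URLs below are hypothetical.
public static class IssuerCheck
{
    // Lowercase only the scheme and host; keep the path's casing as received.
    public static string Normalize(string issuer)
    {
        if (!Uri.TryCreate(issuer, UriKind.Absolute, out var uri))
            return null;
        // GetLeftPart(Authority) yields scheme://host[:port].
        var authority = uri.GetLeftPart(UriPartial.Authority).ToLowerInvariant();
        return authority + uri.AbsolutePath;
    }

    // True when the discovery document's "issuer" names the expected authority.
    public static bool DiscoveryIssuerMatches(string expectedAuthority, string discoveryJson)
    {
        using var doc = JsonDocument.Parse(discoveryJson);
        if (!doc.RootElement.TryGetProperty("issuer", out var iss) ||
            iss.ValueKind != JsonValueKind.String)
            return false;

        var expected = Normalize(expectedAuthority);
        var actual = Normalize(iss.GetString());
        return expected != null && string.Equals(expected, actual, StringComparison.Ordinal);
    }
}

public static class Program
{
    public static void Main()
    {
        const string authority = "https://Login.Example.com/Tenants/ContosoAB";

        // Constructed discovery responses for the same server.
        var preserved = "{\"issuer\":\"https://login.example.com/Tenants/ContosoAB\"}";
        var lowered   = "{\"issuer\":\"https://login.example.com/tenants/contosoab\"}";

        // First response differs from the authority in host casing only.
        Console.WriteLine(IssuerCheck.DiscoveryIssuerMatches(authority, preserved));
        // Second response also has its path lowercased.
        Console.WriteLine(IssuerCheck.DiscoveryIssuerMatches(authority, lowered));
    }
}
```

A client that compares this way accepts the first response and rejects the second, which is why a server that lowercases the whole issuer breaks validation for any authority whose path contains uppercase characters.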

leastprivilege commented 2 years ago

Important update

This organization is not maintained anymore besides critical security bugfixes (if feasible). This organization will be archived when .NET Core 3.1 end of support is reached (3rd Dec 2022). All new development is happening in the new Duende Software organization.

The new Duende IdentityServer comes with a commercial license but is free for dev/testing/personal projects and companies or individuals making less than 1M USD gross annual revenue. Please get in touch with us if you have any questions.