EndpointReference always resolves to a URI that uses the ContainerHost property when evaluated in the context of a container resource, but sometimes the endpoint address using the natural host (i.e. localhost) is required.
For example, in the eShop workshop, a Keycloak container is used as the IDP. This resource requires the addresses of the web apps using the IDP for federated authentication via OIDC. It actually needs the addresses in two formats:
- Resolvable by the IDP itself, i.e. the container host version
- Resolvable by users in the OIDC flows the IDP and web app clients are part of, i.e. the localhost version
This is because as part of the various OIDC flows, the IDP needs to verify that requests originate from URLs allowed for the configured client apps (the non-container-host address), but in some cases it also needs to actually make calls to the client apps (the container-host address).
In the workshop app, I had to reconstruct the non-container-host version of the address manually so that it could be injected into the IDP resource: https://github.com/dotnet-presentations/eshop-app-workshop/blob/66226ea402e0d2cb60c52a3d893414e2947525b3/src/eShop.AppHost/Program.cs#L48-L64
We should make it possible to specify which host property is used when an EndpointReference is resolved.
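The two address forms described above, as an added example that is not code from the issue or from the project: it builds both host forms for one endpoint with plain .NET types and shows that an exact-match redirect URI check accepts only the form that was registered. The port, the `signin-oidc` callback path, the `host.docker.internal` host name and the `ClientAddress` helper are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;

// Constructed sample values (assumptions, not from the issue): the web app's
// endpoint is https on port 5045, and containers reach the host machine as
// "host.docker.internal".
const string Scheme = "https";
const int Port = 5045;
const string CallbackPath = "signin-oidc"; // assumed OIDC callback path

// One endpoint, two host forms.
Uri browserBase = ClientAddress.Build(Scheme, "localhost", Port);
Uri containerBase = ClientAddress.Build(Scheme, "host.docker.internal", Port);

// The IDP's client registration lists the address the user's browser sees.
var allowedRedirects = new HashSet<string>(StringComparer.Ordinal)
{
    new Uri(browserBase, CallbackPath).AbsoluteUri
};

foreach (Uri candidate in new[] { browserBase, containerBase })
{
    string redirectUri = new Uri(candidate, CallbackPath).AbsoluteUri;
    bool accepted = ClientAddress.IsAllowedRedirect(allowedRedirects, redirectUri);
    Console.WriteLine($"{redirectUri} -> {(accepted ? "accepted" : "rejected")}");
}

// Calls the IDP makes itself run inside the container, where "localhost" is
// the container, so they need the container-host form.
Console.WriteLine($"IDP-to-client base address: {containerBase.AbsoluteUri}");

// Hypothetical helper type, introduced only for this example.
static class ClientAddress
{
    public static Uri Build(string scheme, string host, int port) =>
        new UriBuilder(scheme, host, port).Uri;

    // Exact, case-sensitive comparison of the whole URI string: no prefix or
    // host-only matching, so a different host form is never accepted.
    public static bool IsAllowedRedirect(ISet<string> allowed, string redirectUri) =>
        Uri.TryCreate(redirectUri, UriKind.Absolute, out var parsed)
        && parsed.Scheme == Uri.UriSchemeHttps
        && allowed.Contains(redirectUri);
}
```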