In the PreviewController we are injecting IOptionsSnapshot<PreviewOptions> meaning it'll be created for each request. This meant that the default key used to sign the JWT was regenerated each time the controller was hit, and hence different when it's validated in the PreviewMiddleware
This PR moves the generation of the SigningCredentials to the AddPreview method instead and sets it on the options if no user SigningCredentials is set
In the
PreviewControllerwe are injectingIOptionsSnapshot<PreviewOptions>meaning it'll be created for each request. This meant that the default key used to sign theJWTwas regenerated each time the controller was hit, and hence different when it's validated in thePreviewMiddlewareThis PR moves the generation of the
SigningCredentialsto theAddPreviewmethod instead and sets it on the options if no userSigningCredentialsis set