Tjaart

Reputation: 4129

Identity Server Calling Its own configuration endpoint

I have two clients requiring authentication.

One client is a SPA that uses implicit flow, and the other is a direct system integration that uses the client credentials flow for login.

For some reason, when my client credentials client calls my API, my Identity Server app tries to call the .well_known/openid-configuration endpoint on itself.

The call makes no sense, seeing that it is the server which is serving the configuration in the first place that is trying to call an endpoint in itself.

Is there a way to populate this configuration without having identity server call its own endpoint?

Below is a snippet with my Identity server configuration.

services.AddAuthentication(options =>
{
    // API requests are authenticated as bearer tokens; interactive logins
    // are challenged through the "oidc" scheme registered below.
    options.DefaultAuthenticateScheme = "Bearer";
    options.DefaultChallengeScheme = "oidc";
})
.AddOpenIdConnect("oidc", options =>
{
    options.SignInScheme = openIdConnectConfig.SignInScheme;
    options.SignOutScheme = IdentityServerConstants.SignoutScheme;

    // Authority points at this same host, which is where the discovery call comes from.
    options.Authority = openIdConnectConfig.Authority;
    options.RequireHttpsMetadata = false;

    options.ClientId = clientConfig.First(x => x.ClientId == "spa_app").ClientId;

    options.SaveTokens = true;
    options.SignedOutRedirectUri = "http://localhost:8080";
})
.AddIdentityServerAuthentication(options =>
{
    options.Authority = openIdConnectConfig.Authority;
    options.RequireHttpsMetadata = false;

    options.ApiName = "api_client";
});

Upvotes: 1

Views: 487

Answers (1)

Vidmantas Blazevicius

Reputation: 4802

It's not possible to prevent this behaviour (at least not unless you attempt to implement the IConfigurationManager<OpenIdConnectOptions>). This is actually an intended behaviour because you have your web app & identity server hosted on the same app. The call to its own endpoint is due to the AddOpenIdConnect authentication scheme which, when you start up the app, will fetch the identity provider metadata information for JWT validation purposes.

You could theoretically go and implement IConfigurationManager<OpenIdConnectOptions> that does not call the MetadataAddress endpoint and set that in the authentication scheme builder.

.AddOpenIdConnect("oidc", options =>
{
    ...
    options.ConfigurationManager = myCustomConfigurationManager;  // You would need to implement this
    ...
})

This is the culprit that's responsible for the call to the MetadataAddress endpoint which by default is authorityUri + /.well_known/openid-configuration.

I would advise against doing so because in the end you will need the identity provider metadata information anyway, so you would have to snapshot and store it locally or something like that.

Upvotes: 1
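As an added example (not code from the question or the answer), here is what the custom configuration manager the answer sketches looks like, together with the wiring into the "oidc" scheme. The handler's property is typed IConfigurationManager<OpenIdConnectConfiguration> from Microsoft.IdentityModel.Protocols, so that is the interface to implement; the endpoint paths, 'openIdConnectConfig' and 'signingKey' are assumptions, not values from the page.

```csharp
using System.Collections.Generic;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using Microsoft.IdentityModel.Tokens;

// Hands the OIDC handler a fixed OpenIdConnectConfiguration, so it never
// makes an HTTP request to the co-hosted discovery document.
public sealed class LocalConfigurationManager
    : IConfigurationManager<OpenIdConnectConfiguration>
{
    private readonly OpenIdConnectConfiguration _config;

    // 'authority' is the same value used for options.Authority; 'signingKeys'
    // must be the keys the identity server actually signs tokens with.
    public LocalConfigurationManager(string authority, IEnumerable<SecurityKey> signingKeys)
    {
        // Endpoint paths below are IdentityServer4 defaults (assumption:
        // adjust if the server is configured differently).
        _config = new OpenIdConnectConfiguration
        {
            Issuer = authority,
            AuthorizationEndpoint = authority + "/connect/authorize",
            TokenEndpoint = authority + "/connect/token",
            EndSessionEndpoint = authority + "/connect/endsession",
            JwksUri = authority + "/.well-known/openid-configuration/jwks",
        };
        foreach (var key in signingKeys)
            _config.SigningKeys.Add(key);
    }

    public Task<OpenIdConnectConfiguration> GetConfigurationAsync(CancellationToken cancel)
        => Task.FromResult(_config);

    // Nothing to refresh: a rotated signing key is NOT picked up, so token
    // validation fails until the app is redeployed with the new key.
    public void RequestRefresh() { }
}

// Wiring into the scheme from the question. 'openIdConnectConfig' and
// 'signingKey' are assumed to come from the host's own configuration.
// services.AddAuthentication(...)
//     .AddOpenIdConnect("oidc", options =>
//     {
//         options.Authority = openIdConnectConfig.Authority;
//         options.ConfigurationManager = new LocalConfigurationManager(
//             openIdConnectConfig.Authority, new[] { signingKey });
//     });
```

The no-op RequestRefresh is the trade-off the answer warns about: the snapshot has to be updated in lockstep with the server's signing keys and endpoints, otherwise valid tokens start failing validation.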
