Issuer is overriden in validation

[SebastianStehle]

Confirm you've already contributed to this project or that you sponsor it

• I confirm I'm a sponsor or a contributor

Version

4.x

Describe the bug

At the moment I am not a contributor, because Paypal has been removed from Github and I am waiting for a new credit card (not that important in Germany to have one).

I hope it is okay to report the issue anyway. I will fix this on my side soon.

I have configured a custom Issuer URL that is configured on the server side and a call to ÙseLocalServer on the validation side. With the migration to 4.X this does not work anymore.

Basically my code looks like this:

services.Configure<OpenIddictServerOptions>((c, options) =>
{
   options.IssuerUrl = "...";
});
   
services.AddOpenIddict()
    .AddValidation(builder =>
    {
         builder.UseLocalServer();
    });

Here is what happens in my opinion. It took me a while to figure this out:

1. UseLocalServer() registers an options configurator that copies the settings from the server:

https://github.com/openiddict/openiddict-core/blob/dev/src/OpenIddict.Validation.ServerIntegration/OpenIddictValidationServerIntegrationConfiguration.cs#L41

2. After everything is copied the configuration validator kicks in and overrides the configuration issuer with the issuer from the options, which has never been configured:

https://github.com/openiddict/openiddict-core/blob/dev/src/OpenIddict.Validation/OpenIddictValidationConfiguration.cs#L96

I have added a custom configurator which issuer with the configuration issuer:

options.Issuer = options.Configuration.Issuer;

This solves the issue.

To reproduce

See above

Exceptions (if any)

No response

[kevinchalet]

At the moment I am not a contributor, because Paypal has been removed from Github and I am waiting for a new credit card (not that important in Germany to have one).

I hope it is okay to report the issue anyway. I will fix this on my side soon.

Sadly, you're not the only one impacted by this change (many OpenIddict sponsorships were automatically canceled by GitHub due to PayPal no longer being supported 😭).

If you prefer PayPal, you can still support the project via https://paypal.me/kevinchalet (you won't get the badge on GitHub, but you'll get all the benefits of the tier corresponding to the amount you sent).

Regarding the bug you mentioned, I'll make sure it's fixed in the next version.

[SebastianStehle]

I had issues with 2 factor auth and my credit card (don't remember the actual name of the process) and I have not even tried it without at Github. But it seems it just works, so I have renewed my sponsorship.

Do I get a fast hotfix? ;)

[kevinchalet]

Do I get a fast hotfix? ;)

It will be part of the 4.2 release that will ship next week with tons of new web providers for the client stack and some interop improvements.

[SebastianStehle]

It is only a few lines anyway:

.AddValidation(builder =>
            {
                builder.UseLocalServer();
                builder.UseAspNetCore();

                builder.Configure(options =>
                {
                    options.Issuer = options.Configuration?.Issuer;
                });
            });`

[kevinchalet]

Yeah. Calling options.SetIssuer(…) should work too 😄

[SebastianStehle]

Yes, but I need a service to calculate the issuer URL. Therefore I am doing it like this:

// Custom extension method.
services.Configure<OpenIddictServerOptions>((c, options) =>
{
     var urlGenerator = c.GetRequiredService<IUrlGenerator>();
     options.Issuer = ...;
});

Then I have to repeat this again for the validation options.

[kevinchalet]

Ah yeah, makes sense 👍🏻

[kevinchalet]

@SebastianStehle I just merged the fix and it's available in the 4.2.0-preview1.23174.52 nightly builds if you're interested in giving a try 😃

Thanks again for sponsoring the project! ❤️