
Are wildcards allowed in IdentityServer Client Redirect Urls

I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser-based client. I know these can be stored in the DB, but is there any way to insert wildcards here?

Each of our customers receives their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible?

Ian asked May 04 '17 20:05


2 Answers

You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.

  1. Redirect Uri Validator Interface
  2. How to register your custom validator
  3. Discussion about redirect uri


Identity Server4

I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.

  1. Add Custom services
  2. Related Discussion

rawel answered Sep 29 '22 08:09


For IdentityServer4, you can implement your own IRedirectUriValidator and register it using the AddRedirectUriValidator extension method in Startup.cs.

services.AddIdentityServer(options =>
    {
        // ...
    })
    .AddRedirectUriValidator<CustomRedirectUriValidator>();

By default, the StrictRedirectUriValidator is registered but can be overridden by calling .AddRedirectUriValidator as shown above.

huysentruitw answered Sep 29 '22 07:09
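
An added example, not code from either answer or from the IdentityServer4 project: one way a CustomRedirectUriValidator could be written so that the wildcard widens the attack surface as little as possible. The "https://*." entry convention, the single-label rule and the sample URIs in the comments are assumptions made for this illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

public class CustomRedirectUriValidator : IRedirectUriValidator
{
    // Assumed convention (not an IdentityServer4 feature): in a registered entry such as
    // "https://*.ourcompany.com/signin-oidc", "*" stands for exactly one DNS label.
    private const string WildcardPrefix = "https://*.";
    private static readonly Regex Label = new Regex(
        @"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(client.RedirectUris, requestedUri));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(client.PostLogoutRedirectUris, requestedUri));

    private static bool IsAllowed(IEnumerable<string> registered, string requested) =>
        !string.IsNullOrEmpty(requested) && registered != null && registered.Any(entry =>
            entry.StartsWith(WildcardPrefix, StringComparison.Ordinal)
                ? MatchesWildcard(entry, requested)
                : string.Equals(entry, requested, StringComparison.Ordinal)); // exact match

    private static bool MatchesWildcard(string pattern, string requested)
    {
        // Parse the pattern minus its wildcard label to obtain base host, port and path.
        if (!Uri.TryCreate("https://" + pattern.Substring(WildcardPrefix.Length),
                UriKind.Absolute, out var template)) return false;
        if (!Uri.TryCreate(requested, UriKind.Absolute, out var uri)) return false;

        // Compare parsed components, not raw substrings, so the domain text appearing in
        // the user-info, path or query of some other host can never satisfy the match.
        if (uri.Scheme != Uri.UriSchemeHttps || uri.UserInfo.Length != 0 ||
            uri.Fragment.Length != 0) return false;
        if (uri.Port != template.Port || uri.PathAndQuery != template.PathAndQuery) return false;

        var suffix = "." + template.Host;
        if (!uri.Host.EndsWith(suffix, StringComparison.OrdinalIgnoreCase)) return false;

        // Exactly one label may replace "*": the bare domain and "a.b.ourcompany.com" fail.
        var label = uri.Host.Substring(0, uri.Host.Length - suffix.Length);
        return Label.IsMatch(label);
    }
}
```

With a wildcard entry, every host under the base domain becomes a valid destination for authorization codes and tokens, so the entry is only as trustworthy as the DNS records beneath that domain; keep the path fixed and the base domain one you fully control.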