I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser-based client. I know these can be stored in the DB, but is there any way to insert wildcards here?
Each of our customers receives their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible?
You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.
Identity Server4
I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.
For IdentityServer4, you can implement your own IRedirectUriValidator and register it using the AddRedirectUriValidator extension method in Startup.cs.
services.AddIdentityServer(options =>
    {
        // ...
    })
    .AddRedirectUriValidator<CustomRedirectUriValidator>();
By default, the StrictRedirectUriValidator is registered but can be overridden by calling .AddRedirectUriValidator as shown above.
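One way to write the CustomRedirectUriValidator registered above for the *.ourcompany.com case, as an added example that is not code from the answers or from IdentityServer4. It assumes a convention, not part of IdentityServer4, where a client's RedirectUris may contain entries such as https://*.ourcompany.com/signin-oidc; a wildcard entry matches exactly one lowercase subdomain label over HTTPS, and everything else must match character for character.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Added example. Assumption: a registered URI may use the form
// "https://*.<base-domain>/<path>"; this convention is not part of IdentityServer4.
public class CustomRedirectUriValidator : IRedirectUriValidator
{
    private const string Scheme = "https://";
    private const string WildcardPrefix = "https://*.";

    // One lowercase DNS label: no '.', '@', ':', '/' or whitespace; \z rejects a trailing newline.
    private static readonly Regex Label =
        new Regex(@"\A[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\z", RegexOptions.CultureInvariant);

    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client.RedirectUris));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client.PostLogoutRedirectUris));

    private static bool IsAllowed(string requested, IEnumerable<string> registered)
    {
        if (string.IsNullOrEmpty(requested) || registered == null) return false;
        return registered.Where(e => e != null).Any(entry =>
            entry.StartsWith(WildcardPrefix, StringComparison.Ordinal)
                ? MatchesWildcard(requested, entry)
                : string.Equals(requested, entry, StringComparison.Ordinal)); // exact match otherwise
    }

    private static bool MatchesWildcard(string requested, string entry)
    {
        // "https://*.ourcompany.com/signin-oidc" -> ".ourcompany.com/signin-oidc"
        string suffix = entry.Substring(WildcardPrefix.Length - 1);
        int slash = suffix.IndexOf('/');
        // Require an explicit path and a base domain with at least two labels (no "*.com").
        if (slash < 2 || suffix.IndexOf('.', 1, slash - 1) < 0) return false;

        if (!requested.StartsWith(Scheme, StringComparison.Ordinal) ||
            !requested.EndsWith(suffix, StringComparison.Ordinal)) return false;
        int labelLength = requested.Length - Scheme.Length - suffix.Length;
        return labelLength > 0 &&
               Label.IsMatch(requested.Substring(Scheme.Length, labelLength));
    }
}
```

Because the comparison is done on the raw string rather than on a parsed Uri, values such as https://ourcompany.com.example.net/signin-oidc, https://user@a.ourcompany.com/signin-oidc or https://a.b.ourcompany.com/signin-oidc are rejected, as is any added port, query or fragment.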