Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to change IdentityServer OIDC discovery endpoint base url?

IdentityServer4 provides an OIDC discovery endpoint, which can be used to retrieve metadata about the authorization server including the Token Endpoint. The discovery endpoint is available via /.well-known/openid-configuration relative to the base address of your Token Server. For example, if we run the application locally and perform a GET request to the following endpoint:

https://localhost:44354/.well-known/openid-configuration

We will then be presented with the following JSON schema below:

{
    "issuer": "https://localhost:44354",
    "jwks_uri": "https://localhost:44354/.well-known/openid-configuration/jwks",
    "authorization_endpoint": "https://localhost:44354/connect/authorize",
    "token_endpoint": "https://localhost:44354/connect/token",
    "userinfo_endpoint": "https://localhost:44354/connect/userinfo",
    "end_session_endpoint": "https://localhost:44354/connect/endsession",
    
    // code omitted for brevity
}

Based on "The discovery endpoint is available via /.well-known/openid-configuration relative to the base address of your Token Server" clause, I am wondering how can I change this endpoint's base address. Is it possible in an ASP.NET Core application?

like image 276
Jack Avatar asked Sep 03 '25 15:09

Jack


1 Answers

Won't help the op, but for others...

I'm not sure that it's a documented approach, but this works (place before UseIdentityServer):

    app.Use(async (ctx, next) =>
    {
        var serverUrls = ctx.RequestServices.GetRequiredService<IServerUrls>();
        serverUrls.Origin = serverUrls.Origin = "https://yourneworigin";
        await next();
    });

    app.UseIdentityServer();

I'm using it as a temporary workaround until our reverse proxy gets configured correctly.

For those that are here because of reverse proxy issues, Duende have this documentation: https://docs.duendesoftware.com/identityserver/v6/deployment/proxies/

Note a couple of important facets:

  • Use UseForwardedHeaders needs to be at the start of the pipeline
  • The reverse proxy needs configuring to send the "forwarded for" headers
like image 99
ClimberG Avatar answered Sep 05 '25 04:09

ClimberG