Joe DeCock

@brockallen or @leastprivilege, I have a few questions about this: 1. What kind of logic are we looking for on request validation? How about something like certain acr_values are allowed...

I had some feedback on the linked PR, and then it was closed by the submitter.

As to what we do with this now, I'm not sure, but I don't think this is a high priority. Maybe keep the issue around in case someone wants to...

> The argument against is: simpler code is easier to maintain, I'm scared about deadlocks, and all consumers have to pay the cost of acquiring the lock even if they...

Note that we will only set the Raw and not validate and parse the jwt for simplicity and to avoid a dependency on the JWT library.

We have a proof of concept implementation in this branch: https://github.com/DuendeSoftware/IdentityServer/tree/dom/dcr-poc, and releasing it in 6.3 is a top priority for me.

We've decided not to change the discovery cache to prevent multiple threads making disco requests. The reasons to not do it are that identity model remains simpler, we don't risk...

Sorry, we don't have an official sample of this feature.

@stefannikolei, thanks for this contribution! I'd be really interested to get an overall picture of where we could most benefit from optimizations. What made you want to optimize this function...

The assumption is that the client application is going to extract the claims identity and tokens from the login result, and store them in some way that is appropriate for...