Token validation options

[pecanw]

What issue does this PR address? #4965 - Multiple valid issuers

Does this PR introduce a breaking change? NO

[dnfadmin]

All CLA requirements met.

[leastprivilege]

Thanks for your contribution!

IdentityServer4 is feature complete.

All new feature work will happen in our new organization. The new Duende IdentityServer is available under both a FOSS (RPL) and a commercial license. Development and testing is always free. Contact us for more information.

This repo will be maintained with bug fixes and security updates until November 2022.

[leastprivilege]

That being said, you can implement this feature yourself using our standard extensibility - so you have a workaround.

[pecanw]

Can you advise me how to extend it? The TokenValidator is internal and there's no option to change the TokenValidationParameters:

            var parameters = new TokenValidationParameters
            {
                ValidIssuer = _context.HttpContext.GetIdentityServerIssuerUri(),
                IssuerSigningKeys = validationKeys.Select(k => k.Key),
                ValidateLifetime = validateLifetime
            };

The only option is to write completely custom implementation of the ITokenValidator which is in general not a good idea. Even an ugly "copy-paste-rewrite" approach is not applicable as e.g TokenValidationLog is internal.

[leastprivilege]

Hm - OK - then I am wrong. Need to discuss this.

[redoz]

@leastprivilege Any updates on this? We're in the same situation as OP and would love to see this merged.

[leastprivilege]

I am sorry, but we are not making feature updates anymore to v4.

Feel free to do a feature request in our new repo, we are happy to discuss this.

https://github.com/DuendeSoftware/IdentityServer