Kévin Chalet

Results 270 comments of Kévin Chalet

Given that client assertions are not really a common thing in most libs, I think it's safe to assume the good old `client_secret_basic` and `client_secret_post` will be used in 99%...

Well, you'll still be able to override `OpenIddictApplicationManager.GetSigningKeysAsync(...)` to resolve them from wherever you want. That said, for client authentication, the OpenIddict server components will only need the public part...

I opened https://github.com/openiddict/openiddict-core/issues/1252 to track the ability to make things dynamic by resolving the JWKS from the API server.

@yedidyas wooops, I should have been more specific: this ticket is about allowing multiple client registrations pointing to the same issuer **in the new OpenIddict client that will ship as...

After thinking about it, supporting multiple client registrations for the same issuer would be incompatible with webfinger-based discovery, should OpenIddict implement it in the future. Closing as _wontfix_.

Thanks @Darthruneis!

> My best guess is to fix them/update them after they have broken during changes for 3.0, is that correct?

Yep, exactly. There are also new methods that...

The reason is actually explained here: https://github.com/openiddict/openiddict-core/blob/11d3a2eb8d30c0307c1f9098b8bcdeeeb88fd2e9/src/OpenIddict.EntityFrameworkCore/Stores/OpenIddictEntityFrameworkCoreAuthorizationStore.cs#L708-L711 The original idea was that by using a transaction, we reduced the risks of seeing the removal of 1 000 tokens fail just...

Note: we use the same approach when removing applications/authorizations: in this case, getting rid of the transaction is way more problematic as authorizations and tokens can still be possibly created...

The work required to implement delegation support was supposed to be funded by a company but they changed their mind and opted for a different approach so it's no longer...

The events model approach is perfectly fine, but you can also define the expiration lifetimes per-client/user/session directly from your authorization controller using the dedicated extensions: https://stackoverflow.com/questions/42442109/is-there-a-way-to-have-different-ticket-expiry-lengths-in-openiddict That said, we could...