Dominick Baier

Yes this "internalizing JSON.NET" was a horrible decision, it breaks code in many scenarios.

> replace the external Newtonsoft package. Not sure how this is related to trust. The fact that your public API is exposing the internalized JSON objects in various places is...

> we want control over what assemblies we link to I understand that. But "internalizing" doesn't necessarily mean making the types `internal` - because that is causing the main issues...

Yes - it is pretty annoying that this doesn't get fixed. The related issues around JSON objects and the discovery endpoint prevents customers from upgrading to .NET 5.

Ok then...performance was actually never a concern of mine...but sounds exciting.

AFAIK this is all fixed in v5+

> and 4.1.2 of IdentityServer4 yea sorry - I meant IdentityServer v5

Seems to be an SSL problem. Beyond that - I don't know.

There is a backchanel handler or client property on the options. There you can configure the client used for backchannel requests..

see here: https://github.com/IdentityModel/IdentityModel.OidcClient/issues/292