stackedbitz

Furthermore, would you be open to a PR having IdentityServerAuthProvider implement IAuthWithRequest with: ``` public void PreAuthenticate(IRequest req, IResponse res) { var bearerToken = req.GetBearerToken(); var authService = req.TryResolve(); authService.Request...

**Cause** If you're using AuthProviderType of either ServiceAuthProvider and ImpersonationAuthProvider, then `referrerUrl` is never set in `ValidateCallbackRequirements(IAppHost appHost)`. This is problematic since `RefreshSettings()` tries to update `CallbackUrl` regardless of AuthProviderType,...

Better yet, why not just remove the line: `if (!providersThatShouldValidateCallbackUrl.Contains(providerType)) return;` This way the CallbackUrl is always valid, whether or not it's used.