Not able to enable CORS for identity server 4 in asp.net core

Question

Ok, I have added CORS policy for my dot net core APIs but somehow these CORS policies are not working for identity server 4 endpoints. I have following api where I try to r

Answer 1

If you are using IdentityServer 4 with clients for authentication you must configure CORS with IdentityServer 4 see : IdentityServer4CORS

IdentityServer4 CORS is for the token endpoint only. What you did is configure the CORS for all the controller/methods which is probably correct in your case. However, you won't be able to retrieve the token if you don't enable CORS on identityserver4.

You can either add a list of allowed CORS to your clients that will be added to the identityserver database OR add a global default one like this :

var cors = new DefaultCorsPolicyService(_loggerFactory.CreateLogger<DefaultCorsPolicyService>())
{
    AllowedOrigins = { "https://foo", "https://bar" }
};
services.AddSingleton<ICorsPolicyService>(cors);

Note that you can manually add it to the database too.

Answer 2

This works for the newer version of the server.

    services.AddSingleton<ICorsPolicyService>((container) => {
        var logger = container.GetRequiredService<ILogger<DefaultCorsPolicyService>>();
        return new DefaultCorsPolicyService(logger)
        {
            AllowAll = true
        };
    });

more details here at this discussion, with credit to the original author

https://github.com/IdentityServer/IdentityServer4/issues/4685