Question
I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser-based client. I know these can be stored in the DB, but is there any way to insert wildcards here?
Each of our customers receives their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible?
Answer 1:
You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.
- Redirect Uri Validator Interface
- How to register your custom validator
- Discussion about redirect uri
Identity Server4
I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.
- Add Custom services
- Related Discussion
Answer 2:
For IdentityServer4, you can implement your own IRedirectUriValidator and register it using the AddRedirectUriValidator extension method in Startup.cs.

    services.AddIdentityServer(options =>
        {
            // ...
        })
        .AddRedirectUriValidator<CustomRedirectUriValidator>();

By default, the StrictRedirectUriValidator is registered but can be overridden by calling .AddRedirectUriValidator as shown above.
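
A narrowly scoped validator of the kind both answers describe, as an added example that is not code from either answer or from the IdentityServer4 project: it accepts registered URIs exactly and otherwise only an HTTPS callback on a single tenant label directly under the parent domain. The parent domain comes from the question; the two callback paths and the tenant-label rule are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using IdentityServer4.Models;
using IdentityServer4.Validation;

// Added example: exact match first, then a narrow tenant-subdomain rule.
public class CustomRedirectUriValidator : IRedirectUriValidator
{
    // Assumptions (not from the original answers): parent domain and fixed callback paths.
    private const string Suffix = ".ourcompany.com";
    private const string SignInPath = "/signin-oidc";
    private const string SignOutPath = "/signout-callback-oidc";

    public Task<bool> IsRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client.RedirectUris, SignInPath));

    public Task<bool> IsPostLogoutRedirectUriValidAsync(string requestedUri, Client client) =>
        Task.FromResult(IsAllowed(requestedUri, client.PostLogoutRedirectUris, SignOutPath));

    private static bool IsAllowed(string requested, ICollection<string> registered, string path)
    {
        if (string.IsNullOrEmpty(requested)) return false;

        // Same rule as strict validation: ordinal match on a registered URI.
        if (registered != null && registered.Contains(requested, StringComparer.Ordinal)) return true;

        if (!Uri.TryCreate(requested, UriKind.Absolute, out var uri)) return false;
        if (uri.Scheme != Uri.UriSchemeHttps) return false;

        // Host must be exactly one label directly under the parent domain, so
        // look-alike hosts and nested subdomains are rejected here.
        var host = uri.Host;
        if (!host.EndsWith(Suffix, StringComparison.Ordinal)) return false;
        if (!IsTenantLabel(host.Substring(0, host.Length - Suffix.Length))) return false;

        // Rebuild the only accepted form and compare it with the raw request string.
        // Userinfo, ports, query, fragment, dot-segments, backslashes and
        // upper-case hosts all differ from the rebuilt form and are rejected.
        return string.Equals(requested, "https://" + host + path, StringComparison.Ordinal);
    }

    private static bool IsTenantLabel(string label) =>
        label.Length > 0 && label.Length <= 63
        && label[0] != '-' && label[label.Length - 1] != '-'
        && label.All(c => (c >= 'a' && c <= 'z') || (c >= '0' && c <= '9') || c == '-');
}
```

With this rule every host under the parent domain becomes a possible token recipient, so a forgotten DNS record or an abandoned tenant name is part of the attack surface the first answer warns about; checking the label against the list of provisioned tenants narrows it further.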
Source: https://stackoverflow.com/questions/43792241/are-wildcards-allowed-in-identityserver-client-redirect-urls