Change default endpoint in IdentityServer 4
Asked Answered
P

4

8

I was working around IdentityServer 4 (1.0.0-beta5).

By default, the endpoint for authentication is: '/connect/token'.

How can I change the default endpoints in IdentityServer, for instance to: '/api/login'?

Thanks

Presswork answered 27/8, 2016 at 22:57 Comment(0)
O
6

Right now you cannot change the endpoint URLs of the protocol endpoints. If you think this is needed, please open an issue on github.

Outpatient answered 28/8, 2016 at 11:46 Comment(1)
We're doing the same thing as @mfarouk suggested, (using the IEndpointRouter) to customize the endSession and log-in process, but the problem is this interface doesn't support async operations. do you have any suggestions that help me achieve the same asynchronously ?Mada
W
13

Once you setup Identity Server 4 at Startup - you could use this "hack" and update the endpoint paths:

        var builder = services.AddIdentityServer()
            .AddDeveloperSigningCredential()
            .AddInMemoryApiResources(Config.GetApiResources())
            .AddInMemoryClients(Config.GetClients());

        builder.Services
            .Where(service => service.ServiceType == typeof(Endpoint))
            .Select(item => (Endpoint)item.ImplementationInstance)
            .ToList()
            .ForEach(item => item.Path = item.Path.Value.Replace("/connect", ""));

Basically - Endpoint's such as TokenEndpoint, AuthorizeEndpoint classes are internally registered once you call AddIdentityServer - when it calls AddDefaultEndPoints method. Now Endpoint's are iterated upon receiving each request to match the requested Url; so changing the path would immediately take effect.

Please note that in the above example - I have removed all the "/connect" values from any of the paths that were prefixed with it.

Werby answered 6/4, 2018 at 15:24 Comment(2)
unfortunately doesn't seem to change the discovery docRollie
To also change the discovery doc, create a class that extends IdentityServer4.ResponseHandling.DiscoveryResponseGenerator and override CreateDiscoveryDocumentAsync to return the values you want for the different fields in the doc. Then add the class to DI with services.AddTransient<IDiscoveryResponseGenerator, YourDiscoveryResponseGenerator>();Minuend
O
6

Right now you cannot change the endpoint URLs of the protocol endpoints. If you think this is needed, please open an issue on github.

Outpatient answered 28/8, 2016 at 11:46 Comment(1)
We're doing the same thing as @mfarouk suggested, (using the IEndpointRouter) to customize the endSession and log-in process, but the problem is this interface doesn't support async operations. do you have any suggestions that help me achieve the same asynchronously ?Mada
W
5

it is a bit old question now, this is just another way that not seems much as a hack

IdentityServer4 provides a service called IEndpointRouter this service if was overridden with your custom logic will allow you to map the path requested by your client to the one of IdentityServer4 endpoints. based on default implementation of IEndpointRouter (which is internal btw) i have written this class to do the mapping on my own.

internal class CustomEndpointRouter : IEndpointRouter
{
    const string TOKEN_ENDPOINT = "/oauth/token";

    private readonly IEnumerable<Endpoint> _endpoints;
    private readonly IdentityServerOptions _options;
    private readonly ILogger _logger;

    public CustomEndpointRouter (IEnumerable<Endpoint> endpoints, IdentityServerOptions options, ILogger<CustomEndpointRouter > logger)
    {
        _endpoints = endpoints;
        _options = options;
        _logger = logger;
    }

    public IEndpointHandler Find(Microsoft.AspNetCore.Http.HttpContext context)
    {
        if (context == null) throw new ArgumentNullException(nameof(context));

        if (context.Request.Path.Equals(TOKEN_ENDPOINT, StringComparison.OrdinalIgnoreCase))
        {
            var tokenEndPoint = GetEndPoint(EndpointNames.Token);
            return GetEndpointHandler(tokenEndPoint, context);
        }
        //put a case for all endpoints or just fallback to IdentityServer4 default paths
        else
        {
            foreach (var endpoint in _endpoints)
            {
                var path = endpoint.Path;
                if (context.Request.Path.Equals(path, StringComparison.OrdinalIgnoreCase))
                {
                    var endpointName = endpoint.Name;
                    _logger.LogDebug("Request path {path} matched to endpoint type {endpoint}", context.Request.Path, endpointName);

                    return GetEndpointHandler(endpoint, context);
                }
            }
        }
        _logger.LogTrace("No endpoint entry found for request path: {path}", context.Request.Path);
        return null;
    }

    private Endpoint GetEndPoint(string endPointName)
    {
        Endpoint endpoint = null;
        foreach (var ep in _endpoints)
        {
            if (ep.Name == endPointName)
            {
                endpoint = ep;
                break;
            }
        }
        return endpoint;
    }

    private IEndpointHandler GetEndpointHandler(Endpoint endpoint, Microsoft.AspNetCore.Http.HttpContext context)
    {
        if (_options.Endpoints.IsEndpointEnabled(endpoint))
        {
            var handler = context.RequestServices.GetService(endpoint.Handler) as IEndpointHandler;
            if (handler != null)
            {
                _logger.LogDebug("Endpoint enabled: {endpoint}, successfully created handler: {endpointHandler}", endpoint.Name, endpoint.Handler.FullName);
                return handler;
            }
            else
            {
                _logger.LogDebug("Endpoint enabled: {endpoint}, failed to create handler: {endpointHandler}", endpoint.Name, endpoint.Handler.FullName);
            }
        }
        else
        {
            _logger.LogWarning("Endpoint disabled: {endpoint}", endpoint.Name);
        }

        return null;
    }
}

internal static class EndpointOptionsExtensions
{
    public static bool IsEndpointEnabled(this EndpointsOptions options, Endpoint endpoint)
    {
        switch (endpoint?.Name)
        {
            case EndpointNames.Authorize:
                return options.EnableAuthorizeEndpoint;
            case EndpointNames.CheckSession:
                return options.EnableCheckSessionEndpoint;
            case EndpointNames.Discovery:
                return options.EnableDiscoveryEndpoint;
            case EndpointNames.EndSession:
                return options.EnableEndSessionEndpoint;
            case EndpointNames.Introspection:
                return options.EnableIntrospectionEndpoint;
            case EndpointNames.Revocation:
                return options.EnableTokenRevocationEndpoint;
            case EndpointNames.Token:
                return options.EnableTokenEndpoint;
            case EndpointNames.UserInfo:
                return options.EnableUserInfoEndpoint;
            default:
                // fall thru to true to allow custom endpoints
                return true;
        }
    }
}

public static class EndpointNames
{
    public const string Authorize = "Authorize";
    public const string Token = "Token";
    public const string DeviceAuthorization = "DeviceAuthorization";
    public const string Discovery = "Discovery";
    public const string Introspection = "Introspection";
    public const string Revocation = "Revocation";
    public const string EndSession = "Endsession";
    public const string CheckSession = "Checksession";
    public const string UserInfo = "Userinfo";
}

Then you just need to register this CustomEndpointRouter service like below

services.AddTransient<IEndpointRouter, CustomEndpointRouter>();

please note that this updated path's will not appear in discovery document

Wide answered 12/3, 2019 at 8:50 Comment(0)
H
4

You can try this services.AddIdentityServer(options => options.PublicOrigin = "URL")

check this link. http://amilspage.com/set-identityserver4-url-behind-loadbalancer/

Hullo answered 12/11, 2019 at 11:17 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.