I was working around IdentityServer 4 (1.0.0-beta5).
By default, the endpoint for authentication is: '/connect/token'.
How can I change the default endpoints in IdentityServer, for instance to: '/api/login'?
Thanks
I was working around IdentityServer 4 (1.0.0-beta5).
By default, the endpoint for authentication is: '/connect/token'.
How can I change the default endpoints in IdentityServer, for instance to: '/api/login'?
Thanks
Right now you cannot change the endpoint URLs of the protocol endpoints. If you think this is needed, please open an issue on github.
Once you setup Identity Server 4 at Startup - you could use this "hack" and update the endpoint paths:
var builder = services.AddIdentityServer()
.AddDeveloperSigningCredential()
.AddInMemoryApiResources(Config.GetApiResources())
.AddInMemoryClients(Config.GetClients());
builder.Services
.Where(service => service.ServiceType == typeof(Endpoint))
.Select(item => (Endpoint)item.ImplementationInstance)
.ToList()
.ForEach(item => item.Path = item.Path.Value.Replace("/connect", ""));
Basically - Endpoint's such as TokenEndpoint, AuthorizeEndpoint classes are internally registered once you call AddIdentityServer - when it calls AddDefaultEndPoints method. Now Endpoint's are iterated upon receiving each request to match the requested Url; so changing the path would immediately take effect.
Please note that in the above example - I have removed all the "/connect" values from any of the paths that were prefixed with it.
IdentityServer4.ResponseHandling.DiscoveryResponseGenerator
and override CreateDiscoveryDocumentAsync
to return the values you want for the different fields in the doc. Then add the class to DI with services.AddTransient<IDiscoveryResponseGenerator, YourDiscoveryResponseGenerator>();
–
Minuend Right now you cannot change the endpoint URLs of the protocol endpoints. If you think this is needed, please open an issue on github.
it is a bit old question now, this is just another way that not seems much as a hack
IdentityServer4 provides a service called IEndpointRouter
this service if was overridden with your custom logic will allow you to map the path requested by your client to the one of IdentityServer4 endpoints.
based on default implementation of IEndpointRouter
(which is internal btw) i have written this class to do the mapping on my own.
internal class CustomEndpointRouter : IEndpointRouter
{
const string TOKEN_ENDPOINT = "/oauth/token";
private readonly IEnumerable<Endpoint> _endpoints;
private readonly IdentityServerOptions _options;
private readonly ILogger _logger;
public CustomEndpointRouter (IEnumerable<Endpoint> endpoints, IdentityServerOptions options, ILogger<CustomEndpointRouter > logger)
{
_endpoints = endpoints;
_options = options;
_logger = logger;
}
public IEndpointHandler Find(Microsoft.AspNetCore.Http.HttpContext context)
{
if (context == null) throw new ArgumentNullException(nameof(context));
if (context.Request.Path.Equals(TOKEN_ENDPOINT, StringComparison.OrdinalIgnoreCase))
{
var tokenEndPoint = GetEndPoint(EndpointNames.Token);
return GetEndpointHandler(tokenEndPoint, context);
}
//put a case for all endpoints or just fallback to IdentityServer4 default paths
else
{
foreach (var endpoint in _endpoints)
{
var path = endpoint.Path;
if (context.Request.Path.Equals(path, StringComparison.OrdinalIgnoreCase))
{
var endpointName = endpoint.Name;
_logger.LogDebug("Request path {path} matched to endpoint type {endpoint}", context.Request.Path, endpointName);
return GetEndpointHandler(endpoint, context);
}
}
}
_logger.LogTrace("No endpoint entry found for request path: {path}", context.Request.Path);
return null;
}
private Endpoint GetEndPoint(string endPointName)
{
Endpoint endpoint = null;
foreach (var ep in _endpoints)
{
if (ep.Name == endPointName)
{
endpoint = ep;
break;
}
}
return endpoint;
}
private IEndpointHandler GetEndpointHandler(Endpoint endpoint, Microsoft.AspNetCore.Http.HttpContext context)
{
if (_options.Endpoints.IsEndpointEnabled(endpoint))
{
var handler = context.RequestServices.GetService(endpoint.Handler) as IEndpointHandler;
if (handler != null)
{
_logger.LogDebug("Endpoint enabled: {endpoint}, successfully created handler: {endpointHandler}", endpoint.Name, endpoint.Handler.FullName);
return handler;
}
else
{
_logger.LogDebug("Endpoint enabled: {endpoint}, failed to create handler: {endpointHandler}", endpoint.Name, endpoint.Handler.FullName);
}
}
else
{
_logger.LogWarning("Endpoint disabled: {endpoint}", endpoint.Name);
}
return null;
}
}
internal static class EndpointOptionsExtensions
{
public static bool IsEndpointEnabled(this EndpointsOptions options, Endpoint endpoint)
{
switch (endpoint?.Name)
{
case EndpointNames.Authorize:
return options.EnableAuthorizeEndpoint;
case EndpointNames.CheckSession:
return options.EnableCheckSessionEndpoint;
case EndpointNames.Discovery:
return options.EnableDiscoveryEndpoint;
case EndpointNames.EndSession:
return options.EnableEndSessionEndpoint;
case EndpointNames.Introspection:
return options.EnableIntrospectionEndpoint;
case EndpointNames.Revocation:
return options.EnableTokenRevocationEndpoint;
case EndpointNames.Token:
return options.EnableTokenEndpoint;
case EndpointNames.UserInfo:
return options.EnableUserInfoEndpoint;
default:
// fall thru to true to allow custom endpoints
return true;
}
}
}
public static class EndpointNames
{
public const string Authorize = "Authorize";
public const string Token = "Token";
public const string DeviceAuthorization = "DeviceAuthorization";
public const string Discovery = "Discovery";
public const string Introspection = "Introspection";
public const string Revocation = "Revocation";
public const string EndSession = "Endsession";
public const string CheckSession = "Checksession";
public const string UserInfo = "Userinfo";
}
Then you just need to register this CustomEndpointRouter
service like below
services.AddTransient<IEndpointRouter, CustomEndpointRouter>();
please note that this updated path's will not appear in discovery document
You can try this services.AddIdentityServer(options => options.PublicOrigin = "URL")
check this link. http://amilspage.com/set-identityserver4-url-behind-loadbalancer/
© 2022 - 2024 — McMap. All rights reserved.