Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. ItĀ collects links to all the places you might be looking at while hunting down a tough bug.

And, if youā€™re still stuck at the end, weā€™re happy to hop on a call to see how we can help out.

How to change validation type in runtime?

See original GitHub issue

Confirm youā€™ve already contributed to this project or that you sponsor it

  • I confirm Iā€™m a sponsor or a contributor

Version

4.x

Question

Hi @kevinchalet šŸ˜ƒ I updated openIdDict to version 4 and Iā€™m trying to use ChangeToken as you said. Unfortunately it doesnā€™t work, change token is executed but OpenIdDict doesnā€™t switch between Introspection and Direct. I tried with ChangeToken registered outside AddValidation, the same efect.

services
	.AddOpenIddict()
	.AddCore(options =>
	{
		options.UseEntityFrameworkCore()
			.UseDbContext<ApplicationDbContext>()
			.ReplaceDefaultEntities<Client, Authorization, Scope, Token, int>();
	})
	.AddServer(options =>
	{
		options
			.SetTokenEndpointUris("connect/token")
			.SetRevocationEndpointUris("connect/revocation")
			.SetIntrospectionEndpointUris("connect/introspect");

		options.AddEventHandler<OpenIddictServerEvents.ProcessSignInContext>(builder =>
		{
			builder.UseInlineHandler(context =>
			{
				if (context.Transaction.Request != null)
				{
					context.Response["scope"] = string.Join(" ", context.Transaction.Request.GetScopes().OrderBy(z => z));
				}

				return default;
			});
		});

		options.AddEventHandler<OpenIddictServerEvents.ProcessChallengeContext>(builder =>
		{
			builder.UseInlineHandler(context =>
			{
				var authPropertiesKey = typeof(AuthenticationProperties).ToString();
				if (context.Transaction.Properties.ContainsKey(authPropertiesKey))
				{
					var props = context.Transaction.Properties[authPropertiesKey] as AuthenticationProperties;
					context.Response["message"] = props.Items["message"];
				}

				return default;
			});
		});

		options.AllowClientCredentialsFlow();
		options.AllowPasswordFlow();
		options.AllowRefreshTokenFlow();

		options.UseReferenceRefreshTokens();

		options.RegisterScopes(
			OpenIddictConstants.Permissions.Scopes.Profile.Replace(OpenIddictConstants.Permissions.Prefixes.Scope, string.Empty),
			OpenIddictConstants.Permissions.Scopes.Roles.Replace(OpenIddictConstants.Permissions.Prefixes.Scope, string.Empty),
			CustomScopes.APPLICATION,
			CustomScopes.IDENTITY_SETUP,
			CustomScopes.SUPPORT_PACKAGE);

		options.SetAccessTokenLifetime(TimeSpan.FromHours(1));
		options.SetRefreshTokenLifetime(TimeSpan.FromDays(7));

		options.AddEncryptionCertificate(signingCertificate)
			.AddSigningCertificate(signingCertificate);

		options.DisableAccessTokenEncryption();

		options.UseAspNetCore()
			.EnableTokenEndpointPassthrough();
	})
	.AddValidation(options =>
	{
		SetValidation(options);

		ChangeToken.OnChange(configuration.GetReloadToken, () => SetValidation(options));
	});

SetValidation method

private static void SetValidation(OpenIddictValidationBuilder builder)
{
	MasterUrlManager masterSettings = MasterUrlManager.Get();
	if (!string.IsNullOrWhiteSpace(masterSettings.Host) && masterSettings.Status == MasterStatus.Healthy)
	{
		string clientId = LocalClientManager.GetId();

		builder.SetIssuer($"https://{masterSettings.Host}:{masterSettings.HttpsPort}/");
		builder.AddAudiences(clientId);

		builder.UseIntrospection()
			.SetClientId(clientId)
			.SetClientSecret(LocalClientManager.GetSecret());

		builder.UseSystemNetHttp();
	}
	else
	{
		builder.UseLocalServer();
	}

	builder.UseAspNetCore();
}

Issue Analytics

  • State:closed
  • Created 8 months ago
  • Comments:8 (5 by maintainers)

github_iconTop GitHub Comments

1reaction
kevinchaletcommented, Jan 18, 2023

Note: itā€™s absolutely not specific to OpenIddict, so you can use the same approach with any other library that uses Microsoft.Extensions.Options.

0reactions
kevinchaletcommented, Jan 19, 2023

Awesome! šŸ‘šŸ»

Thanks again for sponsoring the project, much appreciated ā¤ļø

Read more comments on GitHub >

github_iconTop Results From Across the Web

How can I change annotations/Hibernate validation rules at ...
One way to customize hibernate validator is to write your own annotations, but that won't work for what DR is trying to do...
Read more >
How to allow creating and changing validation rules at ...
I am trying to create a runtime validation engine based on all your types of validations in the validation module, and let administratorsĀ ......
Read more >
How to: Customize Data Field Validation in the Data Model ...
In the Name box, enter the name of the custom validation attribute class. You can use any name that is not already being...
Read more >
How to set/clear validationRules.type 'required' at dxForm ...
Hi Alexey,. To modify the form item validationRules option at runtime, you can use the itemOption dxForm method. You can find more informationĀ ......
Read more >
Validating object's type at runtime? : r/typescript
To do this you must define the type at runtime so that a library like io-ts can validate against it. This is necessary...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Default log level for openid connect errors.

Next page

Setting up custom scopes (The specified scope type is not compatible with the Entity Framework Core stores)