Investigate using endpoint routing in the ASP.NET Core host
See original GitHub issuehttps://github.com/aspnet/AspNetCore/issues/17615
These 3 modes are currently supported by OpenIddict’s ASP.NET Core 2.x and 3.x host:
-
Pass-through mode (enabled globally - per endpoint - using e.g
options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough()
): in this case, OpenIddict extracts the OIDC payload, validates it and allows the rest of the ASP.NET Core pipeline to be invoked. -
Pass-through mode (enabled dynamically using OpenIddict’s
context.SkipRequest()
API): it works like the previous mode, but pass-through is configured dynamically, per request, by callingcontext.SkipRequest()
from an OpenIddict event handler. This is commonly used to transparently handle authorization requests that can processed immediately (e.g whenprompt=none
is specified and the user is already logged in) without preventing other requests from reaching the MVC authorization controller (typically, when you need to render a consent form). -
Non-pass-through mode: in this case, requests are exclusively handled using OpenIddict’s events model. This is the expected operating mode for things like discovery, introspection or revocation requests, but we shouldn’t prevent them from being handled manually later in the pipeline.
We’ll need to determine how ASP.NET Core 5.0’s plans may affect corresponding scenarios.
@Tratcher could endpoint routing be used with these 3 modes? I’m not too concerned by the “routing” aspect - which seems flexible enough - but the “endpoint” part seems way more limiting in our case, as there’s no way for an endpoint to declare it’s not going to “handle” a request.
Issue Analytics
- State:
- Created 4 years ago
- Comments:16 (7 by maintainers)
Top GitHub Comments
I’ll catch up with @Tratcher on this discuss then. It sounds like there’s a desire to improve this, but I’m not sure why it requires anything other than looking at the currently selected endpoint.
Looks like https://github.com/dotnet/aspnetcore/issues/17615 hasn’t been very active lately so closing for now.