Investigate using endpoint routing in the ASP.NET Core host

https://github.com/aspnet/AspNetCore/issues/17615

These 3 modes are currently supported by OpenIddict’s ASP.NET Core 2.x and 3.x host:

• Pass-through mode (enabled globally - per endpoint - using e.g options.UseAspNetCore() .EnableAuthorizationEndpointPassthrough()): in this case, OpenIddict extracts the OIDC payload, validates it and allows the rest of the ASP.NET Core pipeline to be invoked.

• Pass-through mode (enabled dynamically using OpenIddict’s context.SkipRequest() API): it works like the previous mode, but pass-through is configured dynamically, per request, by calling context.SkipRequest() from an OpenIddict event handler. This is commonly used to transparently handle authorization requests that can processed immediately (e.g when prompt=none is specified and the user is already logged in) without preventing other requests from reaching the MVC authorization controller (typically, when you need to render a consent form).

• Non-pass-through mode: in this case, requests are exclusively handled using OpenIddict’s events model. This is the expected operating mode for things like discovery, introspection or revocation requests, but we shouldn’t prevent them from being handled manually later in the pipeline.

We’ll need to determine how ASP.NET Core 5.0’s plans may affect corresponding scenarios.

@Tratcher could endpoint routing be used with these 3 modes? I’m not too concerned by the “routing” aspect - which seems flexible enough - but the “endpoint” part seems way more limiting in our case, as there’s no way for an endpoint to declare it’s not going to “handle” a request.