Resolving token signing / token encryption certificate dynamically in multi-tenant setup
Version
3.x
Question
I have done a PoC to set up OpenIddict in a multi-tenant (per-path) configuration, mounting each tenant under its own path as follows: https://<fqdn>/ls/<tenantid>/.well-known/openid-configuration
etc.
However, I have not found a way to dynamically configure token signing and token encryption options for each tenant (typically cached per-path request) as this is normally done globally using:
options.AddSigningCertificate(signingCertificate);
Preferably, I would like to do this using an injected service / scoped store etc. What/where do I need to change in order to implement this?
Issue Analytics
- State:
- Created a year ago
- Comments:10 (9 by maintainers)
Top GitHub Comments
As mentioned in comments of the custom code, “in a real world application, the credentials would be retrieved from a persistent storage like a database or a key vault” - is there a sample/example of that?
Yeah, I recall you mentioning it. I’ll definitely be establishing that as part of my tenant provisioning and management.