How to implement a well-known OpenID discovery endpoint

In my previous post, Unable to obtain configuration from: PII is hidden, I talked about the error saying that OpenID Connect discovery information is missing. When you use a well-established identity provider like IdentityServer, you do not see these errors: those providers already implement the endpoints a caller uses to discover information about the OpenID Connect configuration. But when you implement a custom OpenID provider with .NET Core 3.1, you do not get these endpoints out of the box. This is the case with my current project as well.

There is an easy solution to this.

  • Add an API controller to your project and set its Route attribute value to .well-known
  • Add an endpoint and name it appropriately for the discovery type. E.g. I named my endpoint OpenIdConfiguration and set its route attribute to openid-configuration

The code will look like below.

    using Microsoft.AspNetCore.Mvc;

    [Route(".well-known")]
    [ApiController]
    public class OpenIdEndpointsController : ControllerBase
    {
        // GET /.well-known/openid-configuration
        [HttpGet("openid-configuration")]
        public IActionResult OpenIdConfiguration()
        {
            // Return an object rather than a hand-written JSON string, so every key is
            // quoted correctly and the response is sent as application/json.
            return Ok(new
            {
                issuer = "https://www.iassetsmanager.com",
                id_token_signing_alg_values_supported = new[] { "HS256" }
            });
        }
    }

You do not have to implement the full discovery document. Providing just the bare minimum information takes care of the errors during validation of JWT tokens.
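As an added example (not code from the original post), here is the same endpoint with the document built as a typed object whose issuer comes from configuration, together with the consumer-side JwtBearer registration that fetches it. The namespace, the configuration keys Jwt:Issuer, Jwt:Audience and Jwt:SigningKey, and the /connect/token route are assumptions.

```csharp
using System;
using System.Text;
using System.Text.Json.Serialization;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.IdentityModel.Tokens;

namespace DiscoveryExample // assumed namespace
{
    // Minimal OpenID Connect discovery document. Property names follow the
    // snake_case keys defined by OpenID Connect Discovery 1.0.
    public class OpenIdDiscoveryDocument
    {
        [JsonPropertyName("issuer")]
        public string Issuer { get; set; }

        [JsonPropertyName("token_endpoint")]
        public string TokenEndpoint { get; set; }

        [JsonPropertyName("id_token_signing_alg_values_supported")]
        public string[] IdTokenSigningAlgValuesSupported { get; set; }

        // No jwks_uri on purpose: with HS256 the signing key is a shared secret,
        // and a JWKS endpoint would publish it. Consumers receive the key out of band.
    }

    [ApiController]
    [Route(".well-known")]
    public class OpenIdEndpointsController : ControllerBase
    {
        private readonly IConfiguration _config;

        public OpenIdEndpointsController(IConfiguration config) => _config = config;

        // GET /.well-known/openid-configuration
        [HttpGet("openid-configuration")]
        [ResponseCache(Duration = 300)] // the document rarely changes; let clients cache it briefly
        public ActionResult<OpenIdDiscoveryDocument> OpenIdConfiguration()
        {
            // "Jwt:Issuer" is an assumed configuration key, e.g. https://www.iassetsmanager.com.
            // Reading it here and when issuing tokens keeps the two values from drifting apart.
            var issuer = _config["Jwt:Issuer"].TrimEnd('/');

            return new OpenIdDiscoveryDocument
            {
                Issuer = issuer,
                TokenEndpoint = issuer + "/connect/token", // assumed route of the custom provider
                IdTokenSigningAlgValuesSupported = new[] { "HS256" }
            };
        }
    }

    // Consumer side (the API that validates the tokens). The JwtBearer handler requests
    // {Authority}/.well-known/openid-configuration on first use; when that request fails
    // you get the "Unable to obtain configuration" error from the earlier post.
    public static class JwtBearerSetup
    {
        public static IServiceCollection AddDiscoveryBackedJwtBearer(
            this IServiceCollection services, IConfiguration config)
        {
            var issuer = config["Jwt:Issuer"].TrimEnd('/');

            services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
                .AddJwtBearer(options =>
                {
                    options.Authority = issuer;
                    // Keep the default of true: fetching the discovery document over plain HTTP
                    // would let a network attacker hand the consumer a different issuer.
                    options.RequireHttpsMetadata = true;
                    options.TokenValidationParameters = new TokenValidationParameters
                    {
                        ValidateIssuer = true,
                        ValidIssuer = issuer,
                        ValidateAudience = true,
                        ValidAudience = config["Jwt:Audience"], // assumed key
                        ValidateLifetime = true,
                        ClockSkew = TimeSpan.FromMinutes(1),
                        // The document carries no jwks_uri, so the HS256 secret is supplied here.
                        // Use at least 32 random bytes and keep it in a secret store, not appsettings.
                        ValidateIssuerSigningKey = true,
                        IssuerSigningKey = new SymmetricSecurityKey(
                            Encoding.UTF8.GetBytes(config["Jwt:SigningKey"])) // assumed key
                    };
                });

            return services;
        }
    }
}
```

On the consuming API, call services.AddDiscoveryBackedJwtBearer(Configuration) from Startup.ConfigureServices and place app.UseAuthentication() before app.UseAuthorization() in Configure. The handler merges the issuer it reads from the discovery document with the values set in TokenValidationParameters, so setting ValidIssuer explicitly is a second check, not a replacement for the document.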
