Discovery Document Request does not use Discovery Policy Authority for Request Address #124
Assignees
Labels
area/identity-model
Issues related to Identity Model
state/needs-triage
Needs triaging by the maintainers
Comments
RobK410
changed the title
RobK410
referenced
this issue
in RobK410/IdentityModel.OidcClient
Mar 8, 2024
damianh
added
area/identity-model
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
There exists a problem with the discovery document request when using with AWS Cognito (AWS's IdP) where the discovery Authority is different than the authority of the OAuth endpoints.
That is, AWS Cognito discovery endpoint authority will always be: "https://cognito-idp.{region}.amazonaws.com/"
And AWS Cognito default domain authority are: "https://{custom}.auth.{region}.amazoncognito.com"
The code in question is located here on line 401 of OidcClient.
This code change utilizes the Authority defined in the Discovery Policy instead of using the default Authority defined in the Client Options. Fallback is to use the Client Options Authority.
A proper solution is to check if a DiscoveryPolicy Authority has been specified, and use that instead of the Options.Authority when setting the Address property of the DiscoveryDocumentRequest.
The text was updated successfully, but these errors were encountered: