IdentityServer客户端重定向URL中是否允许使用通配符 [英] Are wildcards allowed in IdentityServer Client Redirect Urls

问题描述

我正在准备自己的测试IdentityServer，但是遇到了麻烦.必须为每个基于浏览器的客户端指定ClientUri和RedirectUris.我知道这些可以存储在数据库中，但是有什么方法可以在这里插入通配符?

I'm running through cooking up my own test IdentityServer, but I'm hitting a snag. The ClientUri and RedirectUris must be specified for every browser based client. I know these can be stored in the DB, but is there any way to insert wildcards here?

我们的每个客户都有自己的子域，我想通过允许所有尝试访问* .ourcompany.com上我们任何应用程序的浏览器都被视为身份服务器中的同一客户端，来简化用户管理.这可能吗?

Each of our customers receive their own subdomain and I would like to simplify user management by allowing all browsers attempting to access any of our apps at *.ourcompany.com to be treated as the same client in the identity server. Is this possible.

推荐答案

您可以实现自己的重定向URI验证器.但是出于安全原因，不建议这样做，因为它会扩大攻击范围.

You can implement your own redirect URI validator. But for security reasons, this is not recommended as it expands the attack surface.

1. 重定向Uri验证程序接口
2. 如何注册自定义验证器
3. 关于重定向uri的讨论

1. Redirect Uri Validator Interface
2. How to register your custom validator
3. Discussion about redirect uri

身份服务器4

我认为您可以在启动时添加AddCustomAuthorizeRequestValidator.仍然不建议修改重定向URI验证.

I think you can add AddCustomAuthorizeRequestValidator in the startup. Still, it is not recommended to modify the redirect URI validation.

1. 添加自定义服务
2. 相关讨论

1. Add Custom services
2. Related Discussion

这篇关于IdentityServer客户端重定向URL中是否允许使用通配符的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！