When using IdentityServer4 how can one modify the token validation parameters so that the token issuer is not validated or multiple valid issuers can be provided?
I've tried the following approach but this doesn't seem to work:
```csharp
public void ConfigureServices(IServiceCollection services)
{
    // ... omitted
    services.AddAuthentication("Bearer")
        .AddIdentityServerAuthentication(options =>
        {
            options.Authority = "http://localhost:5000";
            options.RequireHttpsMetadata = false;
            options.ApiName = scopeName;
        });

    services.PostConfigure<JwtBearerOptions>("Bearer", options =>
    {
        // Option 1: turn off issuer validation entirely
        options.TokenValidationParameters.ValidateIssuer = false;

        // Option 2 (preferable): provide multiple valid issuers
        options.TokenValidationParameters.ValidIssuers = new[]
        {
            "http://localhost:5000",
            "http://127.0.0.1:5000",
        };
    });
    // ... omitted
}
```
The reason why I need this: APIs which are protected by identity server are accessed internally and externally. External parties are using a different URL to get tokens from identity server than internal parties, so a protected API should consider both internal and external URLs as valid.
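An added example, not part of the original post: one way to accept both issuer URLs while keeping issuer validation on is to register the standard ASP.NET Core JWT bearer handler directly and give it an explicit allow-list. The audience value `api1` is a placeholder standing in for `scopeName`, and the issuer URLs are the ones from the question.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.AspNetCore.Builder;
using Microsoft.Extensions.DependencyInjection;

public class Startup
{
    // Placeholder audience; use the API name the tokens are actually issued for.
    private const string ApiName = "api1";

    // Exact issuer strings the API trusts (internal and external URL of the same server).
    private static readonly string[] TrustedIssuers =
    {
        "http://localhost:5000",
        "http://127.0.0.1:5000",
    };

    public void ConfigureServices(IServiceCollection services)
    {
        services.AddAuthentication("Bearer")
            .AddJwtBearer("Bearer", options =>
            {
                // Signing keys are still fetched from this authority's discovery document.
                options.Authority = "http://localhost:5000";
                options.RequireHttpsMetadata = false; // as in the question; local development only
                options.Audience = ApiName;

                // Keep issuer validation enabled and restrict it to the allow-list,
                // rather than setting ValidateIssuer = false.
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.ValidIssuers = TrustedIssuers;
            });
    }

    public void Configure(IApplicationBuilder app)
    {
        // Must run before the endpoints that require an authenticated user.
        app.UseAuthentication();
    }
}
```

Issuer strings are compared exactly, so scheme, host, port and any trailing slash have to match the `iss` claim in the tokens each party receives.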