Support for multiple issuers #1125
Comments
Use multiple instances of the UserManager (one per issuer). |
|
Thanks @brockallen. There's another complication I didn't mention originally. The IDP I use to authenticate is effectively a wrapper of two different IDPs that supply the tokens. In other words, there's a single authorization endpoint (the login form gives you options to login to different providers) and distinct issuers. At the time of login, I cannot say which issuer will be used (i.e. when calling signInRedirect() I can't 'pick the right' userManager). I realise now I have the same problem as the OP of #839. One option is to keep using the library for the SignIn but handle the code exchange manually. Does this sound practical? My concern is that I would need to access the corresponding code verifier to attach to my HTTP POST to the token_endpoint. Is the code_verifier exposed somehow? |
Then that's one issuer. The architecture sounds wrong to me, sorry. |
I had a look in the backlog of issues/questions and I can see there was some discussion about disabling the issuer check (and as a result going against OIDC guidelines) #839
Is there any way to support receiving tokens from multiple issuers and keep validating the issuer?
The text was updated successfully, but these errors were encountered: