I use IdentityServer4 to login to my app using authorization_code flow.
I need to add support of wildcards for AllowedCorsOrigins in IdentityServer4 client configuration. I created my implementation of ICorsPolicyService, registered it in Startup. I checked that this code runs and returns true.
But when I add wildcard to AllowedCorsOrigins setting, it doesn't allow me to log in. Instead of login form I see this error message: "unauthorized_client. Unknown client or client not enabled"
It looks like it checks for AllowedCorsOrigins somewhere else. How I can make it work?
Updated: I see this in logs:
AllowedCorsOrigins contains invalid origin: http://local*ost:4200","SourceContext":"Duende.IdentityServer.Stores.ValidatingClientStore
It looks like I need to write my own implementation of IClientConfigurationValidator and register it using AddClientConfigurationValidator.
public class CustomClientConfigurationValidator : DefaultClientConfigurationValidator
{
public CustomClientConfigurationValidator(IdentityServerOptions options) : base(options)
{
}
protected override Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
{
// Validation code here
}
}