Extend token end point and MatchEndPoint not found

[salimz22]

Confirm you've already contributed to this project or that you sponsor it

• I confirm I'm a sponsor or a contributor

Version

3.x

Describe the bug

Hi,

1. Our requirement is to extend token which is received from token endpoint and add an additional scope while calling other microservice endpoint. In order to achieve this, we need to have additional token endpoint '/connect/extend'
   which would add additional scopes using existing token and create a extended JWT token to authorize the request..
   Can you assist to resolve this

You have mentioned in below article about to support new token endpoint using 'MatchEndPoint' handler (https://kevinchalet.com/2018/07/02/implementing-advanced-scenarios-using-the-new-openiddict-rc3-events-model/)
options.AddEventHandler<OpenIddictServerEvents.MatchEndpoint>(notification =>
{}

However, am not able to get 'MatchEndpoint' handler. Have looked at the entire github source code that also does not contain this event (MatchEndpoint).
Could you please assist to resolve this.

To reproduce

Exceptions (if any)

-

[kevinchalet]

Hey,

Our requirement is to extend token which is received from token endpoint and add an additional scope while calling other microservice endpoint. In order to achieve this, we need to have additional token endpoint '/connect/extend'
which would add additional scopes using existing token and create a extended JWT token to authorize the request.

That scenario sounds a lot like delegation, which is not supported (yet) in OpenIddict: #1249.

However, am not able to get 'MatchEndpoint' handler. Have looked at the entire github source code that also does not contain this event (MatchEndpoint).

The event you're looking for has been replaced by ProcessRequest(Context) in 3.0 and higher. Here's an example for ASP.NET Core:

options.AddEventHandler<ProcessRequestContext>(builder =>
{
    builder.UseInlineHandler(context =>
    {
        var request = context.Transaction.GetHttpRequest() ?? throw new InvalidOperationException();

        if (context.EndpointType is OpenIddictServerEndpointType.Unknown &&
            request.Path == "/connect/other-token-endpoint")
        {
            context.EndpointType = OpenIddictServerEndpointType.Token;
        }

        return default;
    });

    builder.SetOrder(InferEndpointType.Descriptor.Order + 1);
});

[salimz22]

Thanks Kevin for your response. Regarding the first query of delegation, you mentioned Openiddict does not support it at this moment. Is there any workaround to achieve this ? If yes, please let us know the details. Actually at this point, we have selected Openiddict as an identity solution to replace the identity server.

…

On Mon, Aug 1, 2022 at 5:50 PM Kévin Chalet ***@***.***> wrote: Hey, Our requirement is to extend token which is received from token endpoint and add an additional scope while calling other microservice endpoint. In order to achieve this, we need to have additional token endpoint '/connect/extend' which would add additional scopes using existing token and create a extended JWT token to authorize the request. That scenario sounds a lot like delegation, which is not supported (yet) in OpenIddict: #1249 <#1249>. However, am not able to get 'MatchEndpoint' handler. Have looked at the entire github source code that also does not contain this event (MatchEndpoint). The event you're looking for has been replaced by ProcessRequest(Context) in 3.0 and higher. Here's an example for ASP.NET Core: options.AddEventHandler<ProcessRequestContext>(builder => { builder.UseInlineHandler(context => { var request = context.Transaction.GetHttpRequest() ?? throw new InvalidOperationException(); if (context.EndpointType is OpenIddictServerEndpointType.Unknown && request.Path == "/connect/other-token-endpoint") { context.EndpointType = OpenIddictServerEndpointType.Token; } return default; }); builder.SetOrder(InferEndpointType.Descriptor.Order + 1); }); — Reply to this email directly, view it on GitHub <#1491 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2KHESF6P36PZJ3ZOJNPL5DVW66H7ANCNFSM55HG4XUQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[kevinchalet]

Thanks Kevin for your response. Regarding the first query of delegation, you mentioned Openiddict does not support it at this moment. Is there any workaround to achieve this ? If yes, please let us know the details.

Delegation as defined in RFC8693 is a fairly complex thing so it can't be implemented trivially using a "workaround", I'm afraid 😄

That said, if you're interested in sponsoring that feature, let me know.

[salimz22]

Ok.. So how much approximate cost would it be to build that feature, if that is the case.

…

On Mon, Aug 1, 2022 at 9:01 PM Kévin Chalet ***@***.***> wrote: Thanks Kevin for your response. Regarding the first query of delegation, you mentioned Openiddict does not support it at this moment. Is there any workaround to achieve this ? If yes, please let us know the details. Delegation as defined in RFC8693 is a fairly complex thing so it can't be implemented trivially using a "workaround", I'm afraid 😄 That said, if you're interested in sponsoring that feature, let me know. — Reply to this email directly, view it on GitHub <#1491 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/A2KHESEOQ5JXP62YY7Q3B63VW7UV7ANCNFSM55HG4XUQ> . You are receiving this because you authored the thread.Message ID: ***@***.***>

[kevinchalet]

@salimz22 you can email me at contact [at] kevinchalet [dot] com to discuss the details 😃