Merge pull request #922 from DuendeSoftware/patch/optional-iss-parameter

Introduce option to emit/suppress iss parameter
DuendeSoftware · Jun 20, 2022 · 480db1e · 480db1e
2 parents 09a5ae2 + f6377d8
commit 480db1e
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs b/src/IdentityServer/Configuration/DependencyInjection/Options/IdentityServerOptions.cs
@@ -42,6 +42,11 @@ public class IdentityServerOptions
     /// Specifies whether scopes in JWTs are emitted as array or string
     /// </summary>
     public bool EmitScopesAsSpaceDelimitedStringInJwt { get; set; } = false;
+
+    /// <summary>
+    /// Specifies whether authorize responses contain the iss parameter (https://www.rfc-editor.org/rfc/rfc9207.html)
+    /// </summary>
+    public bool EmitIssuerIdentificationResponseParameter { get; set; } = true;
 
     /// <summary>
     /// Specifies whether the s_hash claim gets emitted in identity tokens. Defaults to false.

diff --git a/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs b/src/IdentityServer/Endpoints/Results/AuthorizeResult.cs
@@ -144,7 +144,7 @@ private void AddSecurityHeaders(HttpContext context)
     private string BuildRedirectUri()
     {
         var uri = Response.RedirectUri;
-        var query = Response.ToNameValueCollection().ToQueryString();
+        var query = Response.ToNameValueCollection(_options).ToQueryString();
 
         if (Response.Request.ResponseMode == OidcConstants.ResponseModes.Query)
         {
@@ -173,7 +173,7 @@ private string GetFormPostHtml()
         var url = Response.Request.RedirectUri;
         url = HtmlEncoder.Default.Encode(url);
         html = html.Replace("{uri}", url);
-        html = html.Replace("{body}", Response.ToNameValueCollection().ToFormPost());
+        html = html.Replace("{body}", Response.ToNameValueCollection(_options).ToFormPost());
 
         return html;
     }

diff --git a/src/IdentityServer/Extensions/AuthorizeResponseExtensions.cs b/src/IdentityServer/Extensions/AuthorizeResponseExtensions.cs
@@ -4,13 +4,14 @@
 
 using Duende.IdentityServer.Extensions;
 using System.Collections.Specialized;
+using Duende.IdentityServer.Configuration;
 using Duende.IdentityServer.ResponseHandling;
 
 namespace Duende.IdentityServer.Models;
 
 internal static class AuthorizeResponseExtensions
 {
-    public static NameValueCollection ToNameValueCollection(this AuthorizeResponse response)
+    public static NameValueCollection ToNameValueCollection(this AuthorizeResponse response, IdentityServerOptions options)
     {
         var collection = new NameValueCollection();
 
@@ -62,7 +63,10 @@ public static NameValueCollection ToNameValueCollection(this AuthorizeResponse r
 
         if (response.Issuer.IsPresent())
         {
-            collection.Add("iss", response.Issuer);
+            if (options.EmitIssuerIdentificationResponseParameter)
+            {
+                collection.Add("iss", response.Issuer);    
+            }
         }
 
         return collection;