[Upgrade to .Net7] SecurityStampValidator<TUser> forces signout of TwoFactorRememberMeScheme which leads to InvalidOperationException in case scheme is not registered #47368

Open
@plachor

Is there an existing issue for this?

  • I have searched the existing issues

Describe the bug

Hi, in my project I'm relying on AddIdentityCore followed by cherry-picked registrations like AddSignInManager etc. It allows me to set up minimal Identity for my project. I do not want roles, nor do I want default authentication schemes.

Till now I have not yet invested in MFA or 2FA, as most users of this product are authenticated through an external authentication scheme (which supports MFA).

So I have custom authentication schemes (OpenIdConnect, Cookie and External for SSO). However, I do not have TwoFactorRememberMeScheme as I do not use it. I've tried to bump my project to .NET7 from .NET6. However, it turns out that in .NET7 the default SecurityStampValidator<TUser> is forcing sign-out of the TwoFactorRememberMeScheme scheme.

This ends with InvalidOperationException as there is no handler registered for that scheme. Check: https://github.com/dotnet/aspnetcore/blob/main/src/Identity/Core/src/SecurityStampValidator.cs#L137

Expected Behavior

Since you allow minimal setup, as AddIdentityCore is public and not obsolete, then perhaps you should not enforce some hard-coded scheme sign-out in the default implementation of SecurityStampValidator.

Steps To Reproduce

No response

Exceptions (if any)

No response

.NET Version

7.0.201

Anything else?

No response
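
A possible workaround with a startup check for the failure reported above, as an added example that is not part of the issue and is not code from dotnet/aspnetcore. It assumes a minimal-hosting `Program.cs` on the Web SDK with implicit usings; registering a cookie handler under `IdentityConstants.TwoFactorRememberMeScheme` is an assumption about how to let the forced sign-out succeed, and the application cookie stands in for the reporter's own schemes.

```csharp
// Program.cs (ASP.NET Core 7, Microsoft.NET.Sdk.Web, implicit usings enabled).
// Added example, not code from the issue or from dotnet/aspnetcore.
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Identity;

var builder = WebApplication.CreateBuilder(args);

// Custom schemes only, as in the report. The OpenIdConnect and external SSO
// registrations are omitted here; one application cookie stands in for them.
builder.Services
    .AddAuthentication(CookieAuthenticationDefaults.AuthenticationScheme)
    .AddCookie()
    // Assumed workaround: give the scheme that the default
    // SecurityStampValidator<TUser> signs out of a handler, even though the
    // application never issues a two-factor "remember me" cookie.
    .AddCookie(IdentityConstants.TwoFactorRememberMeScheme, options =>
    {
        options.Cookie.HttpOnly = true;
        options.Cookie.SecurePolicy = CookieSecurePolicy.Always;
    });

var app = builder.Build();

// Fail fast at startup rather than on the first rejected security stamp:
// every scheme listed here must resolve to a registered handler.
var schemes = app.Services.GetRequiredService<IAuthenticationSchemeProvider>();
string[] requiredSchemes = { IdentityConstants.TwoFactorRememberMeScheme };
foreach (var name in requiredSchemes)
{
    if (await schemes.GetSchemeAsync(name) is null)
    {
        throw new InvalidOperationException(
            $"No authentication handler is registered for scheme '{name}'.");
    }
}

app.UseAuthentication();
app.MapGet("/", () => "ok");
app.Run();
```

Removing the second `AddCookie` call makes the startup check throw, which surfaces the missing registration at deployment time instead of during a user's request.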

Labels: Pillar: Technical Debt, area-identity, bug, cost: XS, triaged
