You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Using path components in the URL of the issuer identifier enables supporting multiple issuers per host in a multi-tenant hosting configuration.
Support for path components was added in gh-1342 and is enabled by default.
However, this feature should be disabled by default, since there are a few implementation details required in order to provide a fully multi-tenant capable authorization server. Some of the primary requirements include isolation of client registration and authorization data between tenants, as well as, signing keys used per tenant.
jgrandja
changed the title
Issuer path component should be disabled by default
Path component for issuer identifier should be disabled by default
May 9, 2024
Using path components in the URL of the issuer identifier enables supporting multiple issuers per host in a multi-tenant hosting configuration.
Support for path components was added in gh-1342 and is enabled by default.
However, this feature should be disabled by default, since there are a few implementation details required in order to provide a fully multi-tenant capable authorization server. Some of the primary requirements include isolation of client registration and authorization data between tenants, as well as, signing keys used per tenant.
Related gh-1342, gh-663
The text was updated successfully, but these errors were encountered: