Vulnerability in EPiServer.Forms
When using AddOpenIDConnect() we have no access to the underlying calls that adds the OpenIddict server, for adding e.g. eventhandlers.
Has anyone found away around this? I'm thinkning that the Episerver.OpenIdConnect package should expose the OpenIddict internals in some way to allow us to do this sort of customization. An alternative of course is to implement OpenIddict without the Episerver package but it feels overkill.
All the option classes are still available, have you tried:
There is probably an extension method available to make this code nicer, so you don't have to construct the descriptor. It also look like you have to add the descriptor to the container:
var descriptor = new OpenIddictServerHandlerDescriptor
I've added to our backlog that we should look into exposing OpenIddictBuilder, which makes the code a bit cleaner when you want to extend our code.
Thanks, works like a charm!
+1 if it could be exposed as part of the Episerver package.