I have a strange issue with tokens issued by my local development IdentityServer (happens both with IdentityServer4 and with Duende IdentityServer).
The IdentityServer on my local dev machine is running on port 44310 and this is reflected correctly in the discovery document.
However, for the past few days, when I obtain a JWT access token, the issuer for some reason is just https://localhost when I inspect it in jwt.io.
So it omits the port and as a consequence, when I use this token from a calling client, it returns Unauthorized with the message https://localhost is invalid issuer.
The strange thing is that this started to happen only a few days ago (cannot pinpoint exactly when) because my local IdentityServer code hasn’t changed in months.
Even stranger is that on another development VM with exactly the same Visual Studio 2022 version and running exactly the same codebase of my IdentityServer project, it is still working correctly (that is, emitting issuer "https://localhost:44310" in the JWT token).
Any ideas?
EDIT:
Tore’s answer got me thinking and I decided to call the discovery endpoint from Postman and indeed from there the issuer is returned as https://localhost without the port, while the called URL is actually with the port, which I don’t understand why it’s different when calling it from the browser (and what made it change to this behavior recently).
2 Answers
Found the issue!
My Postman HTTP version in the settings was set to Auto, which I guess uses HTTP 2.
When I hard select HTTP 2 it indeed comes back without the port, but when I put it on HTTP 1.x the port is included... Go figure...
The URLs in the discovery document will vary depending on who is calling IdentityServer, so you will see a different issuer when the client calls IdentityServer and when the browser calls it.
One option is to set the issuer to a static URL like this:
You also might need to override the URLs used in the client like this:
You can read a full explanation of why in my blog post: IdentityServer in Docker Containers
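
As an added example (not the answerer's code and not taken from the linked blog post), this is one way to pin the issuer on both sides so it no longer depends on how the request reached IdentityServer. The class and method names are hypothetical, the URL is the one from the question, and the rest of the IdentityServer setup (clients, scopes, signing key) is assumed to be chained onto the returned builder.

```csharp
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Extensions.DependencyInjection;

// Hypothetical helper class: call the first method from the IdentityServer
// host's startup code and the second one from the API's startup code.
public static class PinnedIssuerSetup
{
    // Assumption: the issuer the question expects, including the port.
    private const string Issuer = "https://localhost:44310";

    // IdentityServer host (IdentityServer4 or Duende IdentityServer).
    // With IssuerUri unset, the issuer is inferred from the incoming request,
    // so it can differ per caller. Setting it fixes the "iss" claim and the
    // discovery document's "issuer" to one value.
    public static IIdentityServerBuilder AddIdentityServerWithPinnedIssuer(
        this IServiceCollection services)
    {
        return services.AddIdentityServer(options =>
        {
            options.IssuerUri = Issuer;
        });
    }

    // API that accepts the access tokens.
    // The issuer check is an exact string comparison, so the port must be
    // part of the expected value: "https://localhost" will not match.
    public static IServiceCollection AddApiWithPinnedIssuer(
        this IServiceCollection services)
    {
        services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
            .AddJwtBearer(options =>
            {
                // Where the handler fetches the discovery document and keys.
                options.Authority = Issuer;

                // Expected "iss" value, stated explicitly rather than taken
                // from whatever the discovery document returns to this caller.
                options.TokenValidationParameters.ValidateIssuer = true;
                options.TokenValidationParameters.ValidIssuer = Issuer;
            });
        return services;
    }
}
```

Issuer validation stays enabled here; only the expected value is fixed, so a token carrying https://localhost without the port is still rejected.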