Why are parameters for AddProductionEncryptionAndSigningCertificate() stored in code and not in settings? #21121

Open
improwise opened this issue Oct 18, 2024 · 1 comment


improwise commented Oct 18, 2024

Is there a reason why the parameters to the AddProductionEncryptionAndSigningCertificate() method are stored in code rather than in appsettings.json etc.?

            PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
            {
                serverBuilder.AddProductionEncryptionAndSigningCertificate("openiddict.pfx",
                    "XXXXXX");
                serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
            });

I know you can and should change this, but there must be a reason for the name of the cert and the passphrase to be stored directly in the code and not in settings, like most other stuff such as AuthServer:Authority?


improwise commented Oct 18, 2024

I.e. something like this:

    PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
    {
        var certificatePath = configuration["OpenIddict:Certificate:Path"];
        var certificatePassword = configuration["OpenIddict:Certificate:Password"];
        serverBuilder.AddProductionEncryptionAndSigningCertificate(certificatePath, certificatePassword);
        serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
    });

and then in appsettings:

    "OpenIddict": {
      "Certificate": {
        "Path": "openiddict.pfx",
        "Password": "XXXXXXXX"
      }
    },

There are of course much better ways to solve this than either of these solutions for production environments.
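
Added example, not part of the issue thread and not ABP's or OpenIddict's own code: one way to keep the passphrase out of both the source and the committed appsettings.json while reusing the configuration keys proposed above, and to fail at startup when the certificate is unusable. The helper name `OpenIddictCertificateSettings` is hypothetical, and the environment-variable override assumes the default ASP.NET Core host configuration.

```csharp
using System;
using System.IO;
using System.Security.Cryptography.X509Certificates;
using Microsoft.Extensions.Configuration;

// Hypothetical helper (name and shape are assumptions, not ABP or OpenIddict API).
public static class OpenIddictCertificateSettings
{
    // The placeholder values shown in the thread; seeing one means nobody configured this deployment.
    private static readonly string[] PlaceholderPasswords = { "XXXXXX", "XXXXXXXX" };

    public static (string Path, string Password) Load(IConfiguration configuration)
    {
        // Same keys as proposed in the comment above. With the default host builder,
        // the environment variable OpenIddict__Certificate__Password overrides
        // appsettings.json, so the committed file can leave the passphrase out.
        var section = configuration.GetSection("OpenIddict:Certificate");
        var path = section["Path"];
        var password = section["Password"];

        if (string.IsNullOrWhiteSpace(path) || !File.Exists(path))
            throw new InvalidOperationException("OpenIddict:Certificate:Path is missing or the file does not exist.");
        if (string.IsNullOrEmpty(password) || Array.IndexOf(PlaceholderPasswords, password) >= 0)
            throw new InvalidOperationException("OpenIddict:Certificate:Password is missing or still a placeholder.");

        // Open the PFX once at startup so a wrong passphrase or an expired certificate
        // stops the host instead of surfacing at the first token request.
        // On .NET 9+ X509CertificateLoader.LoadPkcs12FromFile replaces this constructor.
        using var certificate = new X509Certificate2(path, password);
        if (!certificate.HasPrivateKey)
            throw new InvalidOperationException("The certificate has no private key, so it cannot sign tokens.");
        if (DateTime.Now < certificate.NotBefore || DateTime.Now > certificate.NotAfter)
            throw new InvalidOperationException("The certificate is outside its validity period.");

        return (path, password);
    }
}

// Usage inside the module, replacing the literal arguments:
// PreConfigure<OpenIddictServerBuilder>(serverBuilder =>
// {
//     var (certificatePath, certificatePassword) = OpenIddictCertificateSettings.Load(configuration);
//     serverBuilder.AddProductionEncryptionAndSigningCertificate(certificatePath, certificatePassword);
//     serverBuilder.SetIssuer(new Uri(configuration["AuthServer:Authority"]!));
// });
```

The exception messages name the configuration key only and never echo the passphrase, so they are safe to appear in startup logs.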
