From 29ca2ac0ead5f8a06a62d1c94bd1456bdd5a428b Mon Sep 17 00:00:00 2001 From: okhara Date: Tue, 2 May 2023 18:35:10 +0400 Subject: [PATCH 1/2] Add post configuration of identity server options --- .../IdentityServerBuilderExtensions.cs | 4 +++ .../PostConfigureIdentityServerOptions.cs | 31 +++++++++++++++++++ 2 files changed, 35 insertions(+) create mode 100644 src/AspNetIdentity/PostConfigureIdentityServerOptions.cs diff --git a/src/AspNetIdentity/IdentityServerBuilderExtensions.cs b/src/AspNetIdentity/IdentityServerBuilderExtensions.cs index 5618c519d..1bd47f09f 100644 --- a/src/AspNetIdentity/IdentityServerBuilderExtensions.cs +++ b/src/AspNetIdentity/IdentityServerBuilderExtensions.cs @@ -10,6 +10,8 @@ using Duende.IdentityServer.AspNetIdentity; using Microsoft.AspNetCore.Authentication.Cookies; using Microsoft.AspNetCore.Identity; +using Microsoft.Extensions.Options; +using Duende.IdentityServer.Configuration; namespace Microsoft.Extensions.DependencyInjection; @@ -81,6 +83,8 @@ public static IIdentityServerBuilder AddAspNetIdentity(this IIdentityServ builder.AddResourceOwnerValidator>(); builder.AddProfileService>(); + builder.Services.AddSingleton, PostConfigureIdentityServerOptions>(); + return builder; } diff --git a/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs b/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs new file mode 100644 index 000000000..865cae548 --- /dev/null +++ b/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs 
@@ -0,0 +1,31 @@ +using Duende.IdentityServer.Configuration; +using Microsoft.Extensions.Options; + +namespace Duende.IdentityServer.AspNetIdentity; + +/// +/// Identity server options configuration +/// +public class PostConfigureIdentityServerOptions : IPostConfigureOptions +{ + private readonly IOptions _authOptions; + + /// + /// ctor + /// + /// + public PostConfigureIdentityServerOptions(IOptions authOptions) + { + _authOptions = authOptions; + } + + /// + public void PostConfigure(string name, IdentityServerOptions options) + { + if (_authOptions.Value.DefaultAuthenticateScheme != null + && _authOptions.Value.DefaultAuthenticateScheme != options.DynamicProviders.SignOutScheme) + { + options.DynamicProviders.SignOutScheme = _authOptions.Value.DefaultAuthenticateScheme; + } + } +} From cb4ebaf1a6dc83a1b53796edec30d3cc29d34246 Mon Sep 17 00:00:00 2001 From: Joe DeCock Date: Fri, 11 Aug 2023 13:30:33 -0500 Subject: [PATCH 2/2] Refactor fix for Dynamic providers + asp.net id --- .../IdentityServerBuilderExtensions.cs | 2 +- .../PostConfigureIdentityServerOptions.cs | 21 +++++++++++++------ .../Options/DynamicProviderOptions.cs | 19 ++++++++++++++++- 3 files changed, 34 insertions(+), 8 deletions(-) diff --git a/src/AspNetIdentity/IdentityServerBuilderExtensions.cs b/src/AspNetIdentity/IdentityServerBuilderExtensions.cs index 1bd47f09f..62e569dde 100644 --- a/src/AspNetIdentity/IdentityServerBuilderExtensions.cs +++ b/src/AspNetIdentity/IdentityServerBuilderExtensions.cs @@ -83,7 +83,7 @@ public static IIdentityServerBuilder AddAspNetIdentity(this IIdentityServ builder.AddResourceOwnerValidator>(); builder.AddProfileService>(); - builder.Services.AddSingleton, PostConfigureIdentityServerOptions>(); + builder.Services.AddSingleton, UseAspNetIdentityCookieScheme>(); return builder; } diff --git a/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs b/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs index 865cae548..e6fcbfc58 100644 
--- a/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs +++ b/src/AspNetIdentity/PostConfigureIdentityServerOptions.cs @@ -1,4 +1,5 @@ using Duende.IdentityServer.Configuration; +using Microsoft.AspNetCore.Identity; using Microsoft.Extensions.Options; namespace Duende.IdentityServer.AspNetIdentity; @@ -6,7 +7,7 @@ namespace Duende.IdentityServer.AspNetIdentity; /// /// Identity server options configuration /// -public class PostConfigureIdentityServerOptions : IPostConfigureOptions +public class UseAspNetIdentityCookieScheme : IPostConfigureOptions { private readonly IOptions _authOptions; @@ -14,18 +15,26 @@ public class PostConfigureIdentityServerOptions : IPostConfigureOptions /// - public PostConfigureIdentityServerOptions(IOptions authOptions) + public UseAspNetIdentityCookieScheme(IOptions authOptions) { _authOptions = authOptions; } - /// + /// public void PostConfigure(string name, IdentityServerOptions options) { - if (_authOptions.Value.DefaultAuthenticateScheme != null - && _authOptions.Value.DefaultAuthenticateScheme != options.DynamicProviders.SignOutScheme) + // If we are using ASP.NET Identity and the dynamic providers don't have a + // sign out scheme set, then we need the dynamic providers to use ASP.NET + // Identity's cookie at sign out time. If the sign out scheme is explicitly + // set, then we don't override that though. + + if (DefaultAuthSchemeIsAspNetIdentity() && + !options.DynamicProviders.SignOutSchemeSetExplicitly) { - options.DynamicProviders.SignOutScheme = _authOptions.Value.DefaultAuthenticateScheme; + options.DynamicProviders.SignOutScheme = IdentityConstants.ApplicationScheme; } + + bool DefaultAuthSchemeIsAspNetIdentity() => + _authOptions.Value.DefaultAuthenticateScheme == IdentityConstants.ApplicationScheme; } } 
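Review bot: `DefaultAuthSchemeIsAspNetIdentity()` in the last hunk compares only `DefaultAuthenticateScheme` with `IdentityConstants.ApplicationScheme`, so a host that selects the Identity cookie through `AuthenticationOptions.DefaultScheme` alone, leaving `DefaultAuthenticateScheme` null, is not recognised. In that setup the dynamic providers would keep the IdentityServer default cookie as their sign-out scheme, and the ASP.NET Identity session cookie would presumably survive a federated sign-out. If that configuration is meant to be supported, fall back the way the authentication stack does: `(_authOptions.Value.DefaultAuthenticateScheme ?? _authOptions.Value.DefaultScheme) == IdentityConstants.ApplicationScheme`. A test covering both ways of selecting the scheme, plus the explicitly-set case, would pin the behaviour down. The class summary still reads "Identity server options configuration" and the file keeps its old name after the rename to `UseAspNetIdentityCookieScheme`; both are worth updating.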
diff --git a/src/IdentityServer/Configuration/DependencyInjection/Options/DynamicProviderOptions.cs b/src/IdentityServer/Configuration/DependencyInjection/Options/DynamicProviderOptions.cs index f73d88749..3739453e2 100644 --- a/src/IdentityServer/Configuration/DependencyInjection/Options/DynamicProviderOptions.cs +++ b/src/IdentityServer/Configuration/DependencyInjection/Options/DynamicProviderOptions.cs @@ -31,7 +31,24 @@ public class DynamicProviderOptions /// /// Scheme for signout. Defaults to the constant IdentityServerConstants.DefaultCookieAuthenticationScheme. /// - public string SignOutScheme { get; set; } = IdentityServerConstants.DefaultCookieAuthenticationScheme; + public string SignOutScheme + { + get + { + return _signOutScheme ?? IdentityServerConstants.DefaultCookieAuthenticationScheme; + } + set + { + _signOutScheme = value; + } + } + + private string? _signOutScheme; + + /// + /// Gets a value indicating if the SignOutScheme was set explicitly, either by application logic or by options binding. + /// + public bool SignOutSchemeSetExplicitly { get => _signOutScheme != null; } /// /// Registers a provider configuration model and authentication handler for the protocol type being used.
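Review bot: `SignOutSchemeSetExplicitly` treats any non-null value as explicit, so an empty string (which options binding may produce from an empty `SignOutScheme` entry) counts as set, is returned by the getter as the scheme name, and blocks the ASP.NET Identity override in `UseAspNetIdentityCookieScheme`. A wrong sign-out scheme means the local session cookie is not cleared, so consider `public bool SignOutSchemeSetExplicitly => !string.IsNullOrEmpty(_signOutScheme);` with the matching check in the getter, or reject empty values in the setter. The summary on `SignOutScheme` still says only that it defaults to `IdentityServerConstants.DefaultCookieAuthenticationScheme`. It should add that when ASP.NET Identity is the default authenticate scheme and no value was set, the scheme becomes `IdentityConstants.ApplicationScheme`.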