fix circular dependency

[Erwinvandervalk]

While running one of the samples, I found that there is a circular dependency.

This can be resolved in the sample, but I figured it's better to solve it in the library, as other people might not run the sample directly.

 ---> (Inner Exception #10) System.InvalidOperationException: Error while validating the service descriptor 'ServiceType: Duende.AccessTokenManagement.IClientAssertionService Lifetime: Transient ImplementationType: WebJarJwt.ClientAssertionService': A circular dependency was detected for the service of type 'Duende.AccessTokenManagement.IClientAssertionService'.
Duende.AccessTokenManagement.IClientAssertionService(WebJarJwt.ClientAssertionService) -> Duende.AccessTokenManagement.OpenIdConnect.IOpenIdConnectConfigurationService(Duende.AccessTokenManagement.OpenIdConnect.Internal.OpenIdConnectConfigurationService) -> Microsoft.Extensions.Options.IOptionsMonitor<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>(Microsoft.Extensions.Options.OptionsMonitor<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>) -> Microsoft.Extensions.Options.IOptionsFactory<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>(Microsoft.Extensions.Options.OptionsFactory<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>) -> System.Collections.Generic.IEnumerable<Microsoft.Extensions.Options.IConfigureOptions<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>> -> Microsoft.Extensions.Options.IConfigureOptions<Microsoft.AspNetCore.Authentication.OpenIdConnect.OpenIdConnectOptions>(Duende.AccessTokenManagement.OpenIdConnect.Internal.ConfigureOpenIdConnectOptions) -> Duende.AccessTokenManagement.IClientAssertionService

[Copilot]

Pull request overview

Resolves a DI circular dependency involving IClientAssertionService when OpenIdConnect options are configured, and adds a regression test to ensure the container can be validated/built without cycles.

Changes:

• Updates ConfigureOpenIdConnectOptions to avoid constructor-injecting IClientAssertionService (breaking the circular dependency).
• Adds a new test that reproduces the circular dependency scenario and asserts DI validation succeeds.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 2 comments.

File	Description
access-token-management/src/AccessTokenManagement.OpenIdConnect/Internal/ConfigureOpenIdConnectOptions.cs	Reworks client-assertion resolution in OIDC option configuration to break the DI cycle.
access-token-management/test/AccessTokenManagement.Tests/CircularDependencyTests.cs	Adds a regression test that validates the service provider can be built without circular dependencies.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.