Skip to content

Support dynamic client credentials in token introspection #24598

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
EngincanV merged 1 commit into from
Jan 12, 2026
Merged

Support dynamic client credentials in token introspection #24598

EngincanV merged 1 commit into from
Jan 12, 2026

Conversation

@maliming
Copy link
Member

@maliming maliming commented Jan 9, 2026 

AddAbpOpenIdConnect("oidc", options =>
{
    //...
    options.ClientId = configuration["AuthServer:ClientId"];
    options.ClientSecret = configuration["AuthServer:ClientSecret"];
    options.UsePkce = true;
    //...

    options.Events.OnTokenResponseReceived = ctx =>
    {
        ctx.Properties?.SetString("client_id", configuration["AuthServer:ClientId"]);
        ctx.Properties?.SetString("client_secret", configuration["AuthServer:ClientSecret"]);
        return Task.CompletedTask;
    };
});

https://abp.io/support/questions/10288/

@maliming
Support dynamic client credentials in token introspection
27179a0 
```cs
AddAbpOpenIdConnect("oidc", options =>
{
    //...
    options.ClientId = configuration["AuthServer:ClientId"];
    options.ClientSecret = configuration["AuthServer:ClientSecret"];
    options.UsePkce = true;
    //...

    options.Events.OnTokenResponseReceived = ctx =>
    {
        ctx.Properties?.SetString("client_id", configuration["AuthServer:ClientId"]);
        ctx.Properties?.SetString("client_secret", configuration["AuthServer:ClientSecret"]);
        return Task.CompletedTask;
    };
});
```
@maliming maliming marked this pull request as ready for review January 12, 2026 05:52
Copilot AI review requested due to automatic review settings January 12, 2026 05:52
@maliming maliming added this to the 10.1-final milestone Jan 12, 2026
Copilot AI reviewed Jan 12, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This pull request adds support for dynamic client credentials in token introspection by allowing client_id and client_secret to be retrieved from authentication properties. This enables scenarios where different client credentials need to be used for token introspection than those configured in the OpenIdConnect options.

Changes:

  • Added retrieval of client_id and client_secret from authentication properties with fallback to OpenIdConnect options
  • Fixed method modifier order from async static to static async for one helper method

@maliming maliming requested a review from EngincanV January 12, 2026 06:06
@EngincanV EngincanV merged commit 603fe8c into rel-10.1 Jan 12, 2026
9 of 10 checks passed
@EngincanV EngincanV deleted the CheckTokenExpiration branch January 12, 2026 10:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@EngincanV EngincanV EngincanV approved these changes

Assignees

No one assigned

Labels

abp-framework

Projects

None yet

Milestone

10.1-final

Development

Successfully merging this pull request may close these issues.

3 participants

@maliming @EngincanV