M2M Authentication with Private Key JWT in a multi-tenancy scenario

[x789w]

IdentityServer version

7

.NET version

9

Description

Context: We want to modernize our authorization infrastructure and want to use Duende IdentityServer.

Customers of our multi-tenancy-capable product access it via individual domains (tenant.example.com). Non-web clients need to use the Client Credentials with Private Key JWT grant. A client definition is only valid inside a specific tenant.
Our new authorization server must therefore take the “tenant-dimension” into account.

Unlike users, clients cannot be managed via the ASP.NET Core Identity Framework. We will have to store the identities of clients and their public keys in a ClientStore.
The IdentityServer provides a default implementation for a ConfigurationStore which uses the Entity-Framework. Is there a way to add logic to this default implementation? If not, are there any best-practices to consider?

Reproduction steps

No response

Expected behavior

No response

Logs

No response

Additional context

No response

[RolandGuijt]

Yes. Please look at the implementation of the AddConfigurationStore extension method. It registers a number of Store types used for different purposes.
Depending on what logic you're looking for you could derive from one of the existing types or start from scratch and then after calling AddConfigurationStore register the custom one in DI.