Add AbpClientConfigurationValidator.

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpClientConfigurationValidator.cs

@@ -0,0 +1,25 @@
+using System;
+using System.Linq;
+using System.Threading.Tasks;
+using IdentityServer4.Configuration;
+using IdentityServer4.Validation;
+
+namespace Volo.Abp.IdentityServer
+{
+    public class AbpClientConfigurationValidator : DefaultClientConfigurationValidator
+    {
+        public AbpClientConfigurationValidator(IdentityServerOptions options)
+            : base(options)
+        {
+        }
+
+        protected override Task ValidateAllowedCorsOriginsAsync(ClientConfigurationValidationContext context)
+        {
+            context.Client.AllowedCorsOrigins = context.Client
+                .AllowedCorsOrigins.Select(x => x.Replace("{0}.", string.Empty, StringComparison.OrdinalIgnoreCase))
+                .ToHashSet();
+
+            return base.ValidateAllowedCorsOriginsAsync(context);
+        }
+    }
+}

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpIdentityServerServiceCollectionExtensions.cs

@@ -10,5 +10,10 @@ namespace Volo.Abp.IdentityServer
         {
             services.Replace(ServiceDescriptor.Transient<IRedirectUriValidator, AbpStrictRedirectUriValidator>());
         }
+
+        public static void AddAbpClientConfigurationValidator(this IServiceCollection services)
+        {
+            services.Replace(ServiceDescriptor.Transient<IClientConfigurationValidator, AbpClientConfigurationValidator>());
+        }
     }
 }

modules/identityserver/src/Volo.Abp.IdentityServer.Domain/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator.cs

@@ -1,9 +1,8 @@
-using System.Collections.Generic;
-using System.Linq;
+using System;
+using System.Collections.Generic;
 using System.Threading.Tasks;
 using IdentityServer4.Models;
 using IdentityServer4.Validation;
-using Microsoft.Extensions.Options;
 using Volo.Abp.Text.Formatting;
 
 namespace Volo.Abp.IdentityServer
@@ -36,6 +35,11 @@ namespace Volo.Abp.IdentityServer
                 {
                     return Task.FromResult(true);
                 }
+
+                if (url.Replace("{0}.", "").Contains(requestedUri, StringComparison.OrdinalIgnoreCase))
+                {
+                    return Task.FromResult(true);
+                }
             }
 
             return Task.FromResult(false);

modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpClientConfigurationValidator_Tests.cs

@@ -0,0 +1,52 @@
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using IdentityServer4.Models;
+using IdentityServer4.Validation;
+using Microsoft.Extensions.DependencyInjection;
+using Shouldly;
+using Xunit;
+
+namespace Volo.Abp.IdentityServer
+{
+    public class AbpClientConfigurationValidator_Tests : AbpIdentityServerTestBase
+    {
+        private readonly IClientConfigurationValidator _abpClientConfigurationValidator;
+
+        private readonly Client _testClient = new Client
+        {
+            AllowedGrantTypes = GrantTypes.Code,
+
+            ClientSecrets = new List<IdentityServer4.Models.Secret>()
+            {
+                new IdentityServer4.Models.Secret("1q2w3e*")
+            },
+
+            RedirectUris = new List<string>
+            {
+                "https://{0}.api.abp.io:8080",
+                "http://{0}.ng.abp.io",
+                "http://ng.abp.io"
+            }
+        };
+
+        public AbpClientConfigurationValidator_Tests()
+        {
+            _abpClientConfigurationValidator = GetRequiredService<IClientConfigurationValidator>();
+        }
+
+        protected override void AfterAddApplication(IServiceCollection services)
+        {
+            services.AddAbpClientConfigurationValidator();
+        }
+
+        [Fact]
+        public async Task ValidateAsync()
+        {
+            var context = new ClientConfigurationValidationContext(_testClient);
+
+            await _abpClientConfigurationValidator.ValidateAsync(context);
+
+            context.IsValid.ShouldBeTrue();
+        }
+    }
+}

modules/identityserver/test/Volo.Abp.IdentityServer.Domain.Tests/Volo/Abp/IdentityServer/AbpStrictRedirectUriValidator_Tests.cs

@@ -46,10 +46,12 @@ namespace Volo.Abp.IdentityServer
         public async Task IsRedirectUriValidAsync()
         {
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io/index.html", _testClient)).ShouldBeTrue();
 
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse();
-            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
             (await _abpStrictRedirectUriValidator.IsRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
         }
@@ -58,10 +60,12 @@ namespace Volo.Abp.IdentityServer
         public async Task IsPostLogoutRedirectUriValidAsync()
         {
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://t1.api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.abp.io:8080/signin-oidc", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://t2.ng.abp.io/index.html", _testClient)).ShouldBeTrue();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io/index.html", _testClient)).ShouldBeTrue();
 
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.abp:8080/", _testClient)).ShouldBeFalse();
-            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeFalse();
+            (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.abp.io", _testClient)).ShouldBeTrue();
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("https://api.t1.abp:8080/", _testClient)).ShouldBeFalse();
             (await _abpStrictRedirectUriValidator.IsPostLogoutRedirectUriValidAsync("http://ng.t1.abp.io", _testClient)).ShouldBeFalse();
         }