diff --git a/src/OpenIddict.Core/OpenIddictBuilder.cs b/src/OpenIddict.Core/OpenIddictBuilder.cs
index 69d5de68..30272dc3 100644
--- a/src/OpenIddict.Core/OpenIddictBuilder.cs
+++ b/src/OpenIddict.Core/OpenIddictBuilder.cs
@@ -15,6 +15,7 @@ using AspNet.Security.OpenIdConnect.Extensions;
using JetBrains.Annotations;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.DependencyInjection;
+using Microsoft.IdentityModel.Tokens;
using OpenIddict;
namespace Microsoft.AspNetCore.Builder {
@@ -288,7 +289,7 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a used to sign the tokens issued by OpenIddict.
+ /// Registers a that is used to sign the tokens issued by OpenIddict.
///
/// The certificate used to sign the security tokens issued by the server.
/// The .
@@ -305,8 +306,8 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a retrieved from
- /// an embedded resource to sign the tokens issued by OpenIddict.
+ /// Registers a retrieved from an
+ /// embedded resource and used to sign the tokens issued by OpenIddict.
///
/// The assembly containing the certificate.
/// The name of the embedded resource.
@@ -330,8 +331,8 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a extracted
- /// from a stream to sign the tokens issued by OpenIddict.
+ /// Registers a extracted from a
+ /// stream and used to sign the tokens issued by OpenIddict.
///
/// The stream containing the certificate.
/// The password used to open the certificate.
@@ -349,8 +350,8 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a extracted
- /// from a stream to sign the tokens issued by OpenIddict.
+ /// Registers a extracted from a
+ /// stream and used to sign the tokens issued by OpenIddict.
///
/// The stream containing the certificate.
/// The password used to open the certificate.
@@ -373,8 +374,8 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a retrieved from the
- /// X.509 machine store to sign the tokens issued by OpenIddict.
+ /// Registers a retrieved from the X.509
+ /// machine store and used to sign the tokens issued by OpenIddict.
///
/// The thumbprint of the certificate used to identify it in the X.509 store.
/// The .
@@ -387,8 +388,8 @@ namespace Microsoft.AspNetCore.Builder {
}
///
- /// Registers a retrieved from the
- /// given X.509 store to sign the tokens issued by OpenIddict.
+ /// Registers a retrieved from the given
+ /// X.509 store and used to sign the tokens issued by OpenIddict.
///
/// The thumbprint of the certificate used to identify it in the X.509 store.
/// The name of the X.509 store.
@@ -403,6 +404,20 @@ namespace Microsoft.AspNetCore.Builder {
return Configure(options => options.SigningCredentials.AddCertificate(thumbprint, name, location));
}
+ ///
+ /// Registers a used to sign the tokens issued by OpenIddict.
+ /// Note: using asymmetric keys is recommended on production.
+ ///
+ /// The security key.
+ /// The .
+ public virtual OpenIddictBuilder AddSigningKey([NotNull] SecurityKey key) {
+ if (key == null) {
+ throw new ArgumentNullException(nameof(key));
+ }
+
+ return Configure(options => options.SigningCredentials.AddKey(key));
+ }
+
///
/// Enables authorization code flow support. For more information
/// about this specific OAuth2/OpenID Connect flow, visit
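Review bot: The doc comment on the new `AddSigningKey` recommends asymmetric keys without saying why, while the method accepts any `SecurityKey`, symmetric ones included. With a symmetric key, every party that validates the tokens holds the same secret and can therefore also mint them, which matters most for identity tokens validated by client applications. I would spell that out in the summary, e.g. `/// Note: a symmetric key must be shared with every token validator, so prefer an asymmetric key (e.g. RSA or ECDSA) in production.` Whether `SigningCredentials.AddKey` rejects an asymmetric key that carries no private key is not visible in this hunk. If it does not, a guard here before the `Configure` call would presumably surface the misconfiguration at registration time rather than when a token is first signed.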