Update OpenIddictServerConfiguration to validate the default schemes and ensure they don't point to the OpenIddict server handler

src/OpenIddict.Server/IOpenIddictServerEventService.cs → src/OpenIddict.Server/IOpenIddictServerEventDispatcher.cs

@@ -13,7 +13,7 @@ namespace OpenIddict.Server
     /// <summary>
     /// Dispatches events by invoking the corresponding handlers.
     /// </summary>
-    public interface IOpenIddictServerEventService
+    public interface IOpenIddictServerEventDispatcher
     {
         /// <summary>
         /// Publishes a new event.
@@ -21,6 +21,6 @@ namespace OpenIddict.Server
         /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
         /// <param name="notification">The event to publish.</param>
         /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        Task PublishAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictServerEvent;
+        Task DispatchAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictServerEvent;
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerConfiguration.cs

@@ -24,6 +24,7 @@ namespace OpenIddict.Server.Internal
     /// directly from your code. This API may change or be removed in future minor releases.
     /// </summary>
     public class OpenIddictServerConfiguration : IConfigureOptions<AuthenticationOptions>,
+                                                 IPostConfigureOptions<AuthenticationOptions>,
                                                  IPostConfigureOptions<OpenIddictServerOptions>
     {
         private readonly IDistributedCache _cache;
@@ -63,7 +64,43 @@ namespace OpenIddict.Server.Internal
         }
 
         /// <summary>
-        /// Populates the default OpenID Connect server options and ensure
+        /// Ensures that the authentication configuration is in a consistent and valid state.
+        /// </summary>
+        /// <param name="name">The authentication scheme associated with the handler instance.</param>
+        /// <param name="options">The options instance to initialize.</param>
+        public void PostConfigure([CanBeNull] string name, [NotNull] AuthenticationOptions options)
+        {
+            if (options == null)
+            {
+                throw new ArgumentNullException(nameof(options));
+            }
+
+            bool TryValidate(string scheme)
+            {
+                // If the scheme was not set or if it cannot be found in the map, return true.
+                if (string.IsNullOrEmpty(scheme) || !options.SchemeMap.TryGetValue(scheme, out var builder))
+                {
+                    return true;
+                }
+
+                return builder.HandlerType != typeof(OpenIddictServerHandler);
+            }
+
+            if (!TryValidate(options.DefaultAuthenticateScheme) || !TryValidate(options.DefaultChallengeScheme) ||
+                !TryValidate(options.DefaultForbidScheme) || !TryValidate(options.DefaultScheme) ||
+                !TryValidate(options.DefaultSignInScheme) || !TryValidate(options.DefaultSignOutScheme))
+            {
+                throw new InvalidOperationException(new StringBuilder()
+                    .AppendLine("The OpenIddict server handler cannot be used as the default scheme handler.")
+                    .Append("Make sure that neither DefaultAuthenticateScheme, DefaultChallengeScheme, ")
+                    .Append("DefaultForbidScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme ")
+                    .Append("point to an instance of the OpenIddict server handler.")
+                    .ToString());
+            }
+        }
+
+        /// <summary>
+        /// Populates the default OpenID Connect server options and ensures
         /// that the configuration is in a consistent and valid state.
         /// </summary>
         /// <param name="name">The authentication scheme associated with the handler instance.</param>

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Authentication.cs

@@ -111,7 +111,7 @@ namespace OpenIddict.Server.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ExtractAuthorizationRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractAuthorizationRequest(context));
         }
 
         public override async Task ValidateAuthorizationRequest([NotNull] ValidateAuthorizationRequestContext context)
@@ -433,7 +433,7 @@ namespace OpenIddict.Server.Internal
 
             context.Validate();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateAuthorizationRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateAuthorizationRequest(context));
         }
 
         public override async Task HandleAuthorizationRequest([NotNull] HandleAuthorizationRequestContext context)
@@ -481,7 +481,7 @@ namespace OpenIddict.Server.Internal
                 return;
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.HandleAuthorizationRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleAuthorizationRequest(context));
         }
 
         public override async Task ApplyAuthorizationResponse([NotNull] ApplyAuthorizationResponseContext context)
@@ -525,7 +525,7 @@ namespace OpenIddict.Server.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ApplyAuthorizationResponse(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyAuthorizationResponse(context));
         }
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Discovery.cs

@@ -19,10 +19,10 @@ namespace OpenIddict.Server.Internal
     public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractConfigurationRequest([NotNull] ExtractConfigurationRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractConfigurationRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractConfigurationRequest(context));
 
         public override Task ValidateConfigurationRequest([NotNull] ValidateConfigurationRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ValidateConfigurationRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateConfigurationRequest(context));
 
         public override Task HandleConfigurationRequest([NotNull] HandleConfigurationRequestContext context)
         {
@@ -52,22 +52,22 @@ namespace OpenIddict.Server.Internal
             context.Metadata[OpenIdConnectConstants.Metadata.RequestParameterSupported] = false;
             context.Metadata[OpenIdConnectConstants.Metadata.RequestUriParameterSupported] = false;
 
-            return _eventService.PublishAsync(new OpenIddictServerEvents.HandleConfigurationRequest(context));
+            return _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleConfigurationRequest(context));
         }
 
         public override Task ApplyConfigurationResponse([NotNull] ApplyConfigurationResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyConfigurationResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyConfigurationResponse(context));
 
         public override Task ExtractCryptographyRequest([NotNull] ExtractCryptographyRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractCryptographyRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractCryptographyRequest(context));
 
         public override Task ValidateCryptographyRequest([NotNull] ValidateCryptographyRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ValidateCryptographyRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateCryptographyRequest(context));
 
         public override Task HandleCryptographyRequest([NotNull] HandleCryptographyRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.HandleCryptographyRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleCryptographyRequest(context));
 
         public override Task ApplyCryptographyResponse([NotNull] ApplyCryptographyResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyCryptographyResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyCryptographyResponse(context));
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Exchange.cs

@@ -26,7 +26,7 @@ namespace OpenIddict.Server.Internal
     public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractTokenRequest([NotNull] ExtractTokenRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractTokenRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractTokenRequest(context));
 
         public override async Task ValidateTokenRequest([NotNull] ValidateTokenRequestContext context)
         {
@@ -310,7 +310,7 @@ namespace OpenIddict.Server.Internal
 
             context.Validate();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateTokenRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateTokenRequest(context));
         }
 
         public override async Task HandleTokenRequest([NotNull] HandleTokenRequestContext context)
@@ -329,7 +329,7 @@ namespace OpenIddict.Server.Internal
                 // the user code to handle the token request.
                 context.SkipHandler();
 
-                await _eventService.PublishAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
+                await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
 
                 return;
             }
@@ -421,10 +421,10 @@ namespace OpenIddict.Server.Internal
             // the user code to handle the token request.
             context.SkipHandler();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleTokenRequest(context));
         }
 
         public override Task ApplyTokenResponse([NotNull] ApplyTokenResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyTokenResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyTokenResponse(context));
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Introspection.cs

@@ -22,7 +22,7 @@ namespace OpenIddict.Server.Internal
     public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractIntrospectionRequest([NotNull] ExtractIntrospectionRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractIntrospectionRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractIntrospectionRequest(context));
 
         public override async Task ValidateIntrospectionRequest([NotNull] ValidateIntrospectionRequestContext context)
         {
@@ -97,7 +97,7 @@ namespace OpenIddict.Server.Internal
 
             context.Validate();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateIntrospectionRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateIntrospectionRequest(context));
         }
 
         public override async Task HandleIntrospectionRequest([NotNull] HandleIntrospectionRequestContext context)
@@ -175,10 +175,10 @@ namespace OpenIddict.Server.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.HandleIntrospectionRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleIntrospectionRequest(context));
         }
 
         public override Task ApplyIntrospectionResponse([NotNull] ApplyIntrospectionResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyIntrospectionResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyIntrospectionResponse(context));
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Revocation.cs

@@ -24,7 +24,7 @@ namespace OpenIddict.Server.Internal
     public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         public override Task ExtractRevocationRequest([NotNull] ExtractRevocationRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ExtractRevocationRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractRevocationRequest(context));
 
         public override async Task ValidateRevocationRequest([NotNull] ValidateRevocationRequestContext context)
         {
@@ -164,7 +164,7 @@ namespace OpenIddict.Server.Internal
 
             context.Validate();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateRevocationRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateRevocationRequest(context));
         }
 
         public override async Task HandleRevocationRequest([NotNull] HandleRevocationRequestContext context)
@@ -233,10 +233,10 @@ namespace OpenIddict.Server.Internal
 
             context.Revoked = true;
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.HandleRevocationRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleRevocationRequest(context));
         }
 
         public override Task ApplyRevocationResponse([NotNull] ApplyRevocationResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyRevocationResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyRevocationResponse(context));
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Serialization.cs

@@ -39,7 +39,7 @@ namespace OpenIddict.Server.Internal
                 context.HandleDeserialization();
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.DeserializeAccessToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.DeserializeAccessToken(context));
         }
 
         public override async Task DeserializeAuthorizationCode([NotNull] DeserializeAuthorizationCodeContext context)
@@ -58,11 +58,11 @@ namespace OpenIddict.Server.Internal
             // Prevent the OpenID Connect server middleware from using its default logic.
             context.HandleDeserialization();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.DeserializeAuthorizationCode(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.DeserializeAuthorizationCode(context));
         }
 
         public override Task DeserializeIdentityToken(DeserializeIdentityTokenContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.DeserializeIdentityToken(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.DeserializeIdentityToken(context));
 
         public override async Task DeserializeRefreshToken([NotNull] DeserializeRefreshTokenContext context)
         {
@@ -80,7 +80,7 @@ namespace OpenIddict.Server.Internal
             // Prevent the OpenID Connect server middleware from using its default logic.
             context.HandleDeserialization();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.DeserializeRefreshToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.DeserializeRefreshToken(context));
         }
 
         public override async Task SerializeAccessToken([NotNull] SerializeAccessTokenContext context)
@@ -106,7 +106,7 @@ namespace OpenIddict.Server.Internal
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.SerializeAccessToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.SerializeAccessToken(context));
         }
 
         public override async Task SerializeAuthorizationCode([NotNull] SerializeAuthorizationCodeContext context)
@@ -134,11 +134,11 @@ namespace OpenIddict.Server.Internal
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.SerializeAuthorizationCode(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.SerializeAuthorizationCode(context));
         }
 
         public override Task SerializeIdentityToken(SerializeIdentityTokenContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.SerializeIdentityToken(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.SerializeIdentityToken(context));
 
         public override async Task SerializeRefreshToken([NotNull] SerializeRefreshTokenContext context)
         {
@@ -165,7 +165,7 @@ namespace OpenIddict.Server.Internal
             // Otherwise, let the OpenID Connect server middleware
             // serialize the token using its default internal logic.
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.SerializeRefreshToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.SerializeRefreshToken(context));
         }
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Session.cs

@@ -81,7 +81,7 @@ namespace OpenIddict.Server.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ExtractLogoutRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractLogoutRequest(context));
         }
 
         public override async Task ValidateLogoutRequest([NotNull] ValidateLogoutRequestContext context)
@@ -155,7 +155,7 @@ namespace OpenIddict.Server.Internal
 
             context.Validate();
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateLogoutRequest(context));
         }
 
         public override async Task HandleLogoutRequest([NotNull] HandleLogoutRequestContext context)
@@ -203,7 +203,7 @@ namespace OpenIddict.Server.Internal
                 return;
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.HandleLogoutRequest(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleLogoutRequest(context));
         }
 
         public override async Task ApplyLogoutResponse([NotNull] ApplyLogoutResponseContext context)
@@ -247,7 +247,7 @@ namespace OpenIddict.Server.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ApplyLogoutResponse(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyLogoutResponse(context));
         }
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.Userinfo.cs

@@ -29,16 +29,16 @@ namespace OpenIddict.Server.Internal
             // the user code to handle the userinfo request.
             context.SkipHandler();
 
-            return _eventService.PublishAsync(new OpenIddictServerEvents.ExtractUserinfoRequest(context));
+            return _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ExtractUserinfoRequest(context));
         }
 
         public override Task ValidateUserinfoRequest([NotNull] ValidateUserinfoRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ValidateUserinfoRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ValidateUserinfoRequest(context));
 
         public override Task HandleUserinfoRequest([NotNull] HandleUserinfoRequestContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.HandleUserinfoRequest(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.HandleUserinfoRequest(context));
 
         public override Task ApplyUserinfoResponse([NotNull] ApplyUserinfoResponseContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.ApplyUserinfoResponse(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ApplyUserinfoResponse(context));
     }
 }

src/OpenIddict.Server/Internal/OpenIddictServerProvider.cs

@@ -27,7 +27,7 @@ namespace OpenIddict.Server.Internal
     public sealed partial class OpenIddictServerProvider : OpenIdConnectServerProvider
     {
         private readonly ILogger _logger;
-        private readonly IOpenIddictServerEventService _eventService;
+        private readonly IOpenIddictServerEventDispatcher _eventDispatcher;
         private readonly IOpenIddictApplicationManager _applicationManager;
         private readonly IOpenIddictAuthorizationManager _authorizationManager;
         private readonly IOpenIddictScopeManager _scopeManager;
@@ -40,14 +40,14 @@ namespace OpenIddict.Server.Internal
         /// </summary>
         public OpenIddictServerProvider(
             [NotNull] ILogger<OpenIddictServerProvider> logger,
-            [NotNull] IOpenIddictServerEventService eventService,
+            [NotNull] IOpenIddictServerEventDispatcher eventDispatcher,
             [NotNull] IOpenIddictApplicationManager applicationManager,
             [NotNull] IOpenIddictAuthorizationManager authorizationManager,
             [NotNull] IOpenIddictScopeManager scopeManager,
             [NotNull] IOpenIddictTokenManager tokenManager)
         {
             _logger = logger;
-            _eventService = eventService;
+            _eventDispatcher = eventDispatcher;
             _applicationManager = applicationManager;
             _authorizationManager = authorizationManager;
             _scopeManager = scopeManager;
@@ -55,7 +55,7 @@ namespace OpenIddict.Server.Internal
         }
 
         public override Task MatchEndpoint([NotNull] MatchEndpointContext context)
-            => _eventService.PublishAsync(new OpenIddictServerEvents.MatchEndpoint(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.MatchEndpoint(context));
 
         public override Task ProcessChallengeResponse([NotNull] ProcessChallengeResponseContext context)
         {
@@ -71,7 +71,7 @@ namespace OpenIddict.Server.Internal
                 context.Response.AddParameter(parameter, value);
             }
 
-            return _eventService.PublishAsync(new OpenIddictServerEvents.ProcessChallengeResponse(context));
+            return _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ProcessChallengeResponse(context));
         }
 
         public override async Task ProcessSigninResponse([NotNull] ProcessSigninResponseContext context)
@@ -224,7 +224,7 @@ namespace OpenIddict.Server.Internal
                 context.Ticket.RemoveProperty(property);
             }
 
-            await _eventService.PublishAsync(new OpenIddictServerEvents.ProcessSigninResponse(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ProcessSigninResponse(context));
         }
 
         public override Task ProcessSignoutResponse([NotNull] ProcessSignoutResponseContext context)
@@ -238,7 +238,7 @@ namespace OpenIddict.Server.Internal
                 context.Response.AddParameter(parameter, value);
             }
 
-            return _eventService.PublishAsync(new OpenIddictServerEvents.ProcessSignoutResponse(context));
+            return _eventDispatcher.DispatchAsync(new OpenIddictServerEvents.ProcessSignoutResponse(context));
         }
     }
 }

src/OpenIddict.Server/OpenIddictServerEventService.cs → src/OpenIddict.Server/OpenIddictServerEventDispatcher.cs

@@ -14,14 +14,14 @@ namespace OpenIddict.Server
     /// <summary>
     /// Dispatches events by invoking the corresponding notification handlers.
     /// </summary>
-    public class OpenIddictServerEventService : IOpenIddictServerEventService
+    public class OpenIddictServerEventDispatcher : IOpenIddictServerEventDispatcher
     {
         private readonly IServiceProvider _provider;
 
         /// <summary>
-        /// Creates a new instance of the <see cref="OpenIddictServerEventService"/> class.
+        /// Creates a new instance of the <see cref="OpenIddictServerEventDispatcher"/> class.
         /// </summary>
-        public OpenIddictServerEventService([NotNull] IServiceProvider provider)
+        public OpenIddictServerEventDispatcher([NotNull] IServiceProvider provider)
             => _provider = provider;
 
         /// <summary>
@@ -30,7 +30,7 @@ namespace OpenIddict.Server
         /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
         /// <param name="notification">The event to publish.</param>
         /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        public async Task PublishAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictServerEvent
+        public async Task DispatchAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictServerEvent
         {
             if (notification == null)
             {

src/OpenIddict.Server/OpenIddictServerExtensions.cs

@@ -42,7 +42,7 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.AddMemoryCache();
             builder.Services.AddOptions();
 
-            builder.Services.TryAddScoped<IOpenIddictServerEventService, OpenIddictServerEventService>();
+            builder.Services.TryAddScoped<IOpenIddictServerEventDispatcher, OpenIddictServerEventDispatcher>();
             builder.Services.TryAddScoped<OpenIddictServerHandler>();
             builder.Services.TryAddScoped(provider =>
             {
@@ -54,7 +54,7 @@ namespace Microsoft.Extensions.DependencyInjection
 
                 return new OpenIddictServerProvider(
                     provider.GetRequiredService<ILogger<OpenIddictServerProvider>>(),
-                    provider.GetRequiredService<IOpenIddictServerEventService>(),
+                    provider.GetRequiredService<IOpenIddictServerEventDispatcher>(),
                     provider.GetService<IOpenIddictApplicationManager>() ?? throw CreateException(),
                     provider.GetService<IOpenIddictAuthorizationManager>() ?? throw CreateException(),
                     provider.GetService<IOpenIddictScopeManager>() ?? throw CreateException(),
@@ -66,6 +66,7 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.TryAddEnumerable(new[]
             {
                 ServiceDescriptor.Singleton<IConfigureOptions<AuthenticationOptions>, OpenIddictServerConfiguration>(),
+                ServiceDescriptor.Singleton<IPostConfigureOptions<AuthenticationOptions>, OpenIddictServerConfiguration>(),
                 ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIddictServerOptions>, OpenIddictServerConfiguration>(),
                 ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIddictServerOptions>, OpenIdConnectServerInitializer>()
             });

src/OpenIddict.Validation/IOpenIddictValidationEventService.cs → src/OpenIddict.Validation/IOpenIddictValidationEventDispatcher.cs

@@ -12,7 +12,7 @@ namespace OpenIddict.Validation
     /// <summary>
     /// Dispatches events by invoking the corresponding handlers.
     /// </summary>
-    public interface IOpenIddictValidationEventService
+    public interface IOpenIddictValidationEventDispatcher
     {
         /// <summary>
         /// Publishes a new event.
@@ -20,6 +20,6 @@ namespace OpenIddict.Validation
         /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
         /// <param name="notification">The event to publish.</param>
         /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        Task PublishAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictValidationEvent;
+        Task DispatchAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictValidationEvent;
     }
 }

src/OpenIddict.Validation/Internal/OpenIddictValidationConfiguration.cs

@@ -53,7 +53,7 @@ namespace OpenIddict.Validation.Internal
         }
 
         /// <summary>
-        /// Populates the default OpenIddict validation options and ensure
+        /// Populates the default OpenIddict validation options and ensures
         /// that the configuration is in a consistent and valid state.
         /// </summary>
         /// <param name="name">The authentication scheme associated with the handler instance.</param>

src/OpenIddict.Validation/Internal/OpenIddictValidationProvider.cs

@@ -22,21 +22,21 @@ namespace OpenIddict.Validation.Internal
     /// </summary>
     public sealed class OpenIddictValidationProvider : OAuthValidationEvents
     {
-        private readonly IOpenIddictValidationEventService _eventService;
+        private readonly IOpenIddictValidationEventDispatcher _eventDispatcher;
 
         /// <summary>
         /// Creates a new instance of the <see cref="OpenIddictValidationProvider"/> class.
         /// Note: this API supports the OpenIddict infrastructure and is not intended to be used
         /// directly from your code. This API may change or be removed in future minor releases.
         /// </summary>
-        public OpenIddictValidationProvider([NotNull] IOpenIddictValidationEventService eventService)
+        public OpenIddictValidationProvider([NotNull] IOpenIddictValidationEventDispatcher eventDispatcher)
-            => _eventService = eventService;
+            => _eventDispatcher = eventDispatcher;
 
         public override Task ApplyChallenge([NotNull] ApplyChallengeContext context)
-            => _eventService.PublishAsync(new OpenIddictValidationEvents.ApplyChallenge(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictValidationEvents.ApplyChallenge(context));
 
         public override Task CreateTicket([NotNull] CreateTicketContext context)
-            => _eventService.PublishAsync(new OpenIddictValidationEvents.CreateTicket(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictValidationEvents.CreateTicket(context));
 
         public override async Task DecryptToken([NotNull] DecryptTokenContext context)
         {
@@ -114,11 +114,11 @@ namespace OpenIddict.Validation.Internal
                 context.Success();
             }
 
-            await _eventService.PublishAsync(new OpenIddictValidationEvents.DecryptToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictValidationEvents.DecryptToken(context));
         }
 
         public override Task RetrieveToken([NotNull] RetrieveTokenContext context)
-            => _eventService.PublishAsync(new OpenIddictValidationEvents.RetrieveToken(context));
+            => _eventDispatcher.DispatchAsync(new OpenIddictValidationEvents.RetrieveToken(context));
 
         public override async Task ValidateToken([NotNull] ValidateTokenContext context)
         {
@@ -178,7 +178,7 @@ namespace OpenIddict.Validation.Internal
                 }
             }
 
-            await _eventService.PublishAsync(new OpenIddictValidationEvents.ValidateToken(context));
+            await _eventDispatcher.DispatchAsync(new OpenIddictValidationEvents.ValidateToken(context));
         }
     }
 }

src/OpenIddict.Validation/OpenIddictValidationEventService.cs → src/OpenIddict.Validation/OpenIddictValidationEventDispatcher.cs

@@ -14,14 +14,14 @@ namespace OpenIddict.Validation
     /// <summary>
     /// Dispatches events by invoking the corresponding notification handlers.
     /// </summary>
-    public class OpenIddictValidationEventService : IOpenIddictValidationEventService
+    public class OpenIddictValidationEventDispatcher : IOpenIddictValidationEventDispatcher
     {
         private readonly IServiceProvider _provider;
 
         /// <summary>
-        /// Creates a new instance of the <see cref="OpenIddictValidationEventService"/> class.
+        /// Creates a new instance of the <see cref="OpenIddictValidationEventDispatcher"/> class.
         /// </summary>
-        public OpenIddictValidationEventService([NotNull] IServiceProvider provider)
+        public OpenIddictValidationEventDispatcher([NotNull] IServiceProvider provider)
             => _provider = provider;
 
         /// <summary>
@@ -30,7 +30,7 @@ namespace OpenIddict.Validation
         /// <typeparam name="TEvent">The type of the event to publish.</typeparam>
         /// <param name="notification">The event to publish.</param>
         /// <returns>A <see cref="Task"/> that can be used to monitor the asynchronous operation.</returns>
-        public async Task PublishAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictValidationEvent
+        public async Task DispatchAsync<TEvent>([NotNull] TEvent notification) where TEvent : class, IOpenIddictValidationEvent
         {
             if (notification == null)
             {

src/OpenIddict.Validation/OpenIddictValidationExtensions.cs

@@ -40,7 +40,7 @@ namespace Microsoft.Extensions.DependencyInjection
             builder.Services.AddLogging();
             builder.Services.AddOptions();
 
-            builder.Services.TryAddScoped<IOpenIddictValidationEventService, OpenIddictValidationEventService>();
+            builder.Services.TryAddScoped<IOpenIddictValidationEventDispatcher, OpenIddictValidationEventDispatcher>();
             builder.Services.TryAddScoped<OpenIddictValidationHandler>();
             builder.Services.TryAddScoped<OpenIddictValidationProvider>();
 

test/OpenIddict.Server.Tests/Internal/OpenIddictServerConfigurationTests.cs

@@ -18,6 +18,7 @@ using Microsoft.AspNetCore.TestHost;
 using Microsoft.Extensions.Caching.Distributed;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Logging;
+using Microsoft.Extensions.Options;
 using Moq;
 using OpenIddict.Abstractions;
 using Xunit;
@@ -36,12 +37,12 @@ namespace OpenIddict.Server.Internal.Tests
                 builder.HandlerType = typeof(OpenIdConnectServerHandler);
             });
 
-            var initializer = new OpenIddictServerConfiguration(
+            var configuration = new OpenIddictServerConfiguration(
                 Mock.Of<IDistributedCache>(),
                 Mock.Of<IDataProtectionProvider>());
 
             // Act and assert
-            var exception = Assert.Throws<InvalidOperationException>(() => initializer.Configure(options));
+            var exception = Assert.Throws<InvalidOperationException>(() => configuration.Configure(options));
 
             Assert.Equal(new StringBuilder()
                 .AppendLine("The OpenIddict server handler cannot be registered as an authentication scheme.")
@@ -50,6 +51,44 @@ namespace OpenIddict.Server.Internal.Tests
                 .ToString(), exception.Message);
         }
 
+        [Theory]
+        [InlineData(new object[] { new string[] { OpenIddictServerDefaults.AuthenticationScheme, null, null, null, null, null } })]
+        [InlineData(new object[] { new string[] { null, OpenIddictServerDefaults.AuthenticationScheme, null, null, null, null } })]
+        [InlineData(new object[] { new string[] { null, null, OpenIddictServerDefaults.AuthenticationScheme, null, null, null } })]
+        [InlineData(new object[] { new string[] { null, null, null, OpenIddictServerDefaults.AuthenticationScheme, null, null } })]
+        [InlineData(new object[] { new string[] { null, null, null, null, OpenIddictServerDefaults.AuthenticationScheme, null } })]
+        [InlineData(new object[] { new string[] { null, null, null, null, null, OpenIddictServerDefaults.AuthenticationScheme } })]
+        public void PostConfigure_ThrowsAnExceptionWhenDefaultSchemesPointToServerHandler(string[] schemes)
+        {
+            // Arrange
+            var options = new AuthenticationOptions
+            {
+                DefaultAuthenticateScheme = schemes[0],
+                DefaultChallengeScheme = schemes[1],
+                DefaultForbidScheme = schemes[2],
+                DefaultScheme = schemes[3],
+                DefaultSignInScheme = schemes[4],
+                DefaultSignOutScheme = schemes[5]
+            };
+
+            options.AddScheme<OpenIddictServerHandler>(OpenIddictServerDefaults.AuthenticationScheme, displayName: null);
+
+            var configuration = new OpenIddictServerConfiguration(
+                Mock.Of<IDistributedCache>(),
+                Mock.Of<IDataProtectionProvider>());
+
+            // Act and assert
+            var exception = Assert.Throws<InvalidOperationException>(() => configuration.PostConfigure(Options.DefaultName, options));
+
+            // Assert
+            Assert.Equal(new StringBuilder()
+                .AppendLine("The OpenIddict server handler cannot be used as the default scheme handler.")
+                .Append("Make sure that neither DefaultAuthenticateScheme, DefaultChallengeScheme, ")
+                .Append("DefaultForbidScheme, DefaultSignInScheme, DefaultSignOutScheme nor DefaultScheme ")
+                .Append("point to an instance of the OpenIddict server handler.")
+                .ToString(), exception.Message);
+        }
+
         [Fact]
         public async Task PostConfigure_ThrowsAnExceptionWhenRandomNumberGeneratorIsNull()
         {

test/OpenIddict.Server.Tests/OpenIddictServerEventServiceTests.cs → test/OpenIddict.Server.Tests/OpenIddictServerEventDispatcherTests.cs

@@ -12,24 +12,24 @@ using Xunit;
 
 namespace OpenIddict.Server.Tests
 {
-    public class OpenIddictServerEventServiceTests
+    public class OpenIddictServerEventDispatcherTests
     {
         [Fact]
-        public async Task PublishAsync_ThrowsAnExceptionForNullNotification()
+        public async Task DispatchAsync_ThrowsAnExceptionForNullNotification()
         {
             // Arrange
             var provider = Mock.Of<IServiceProvider>();
-            var service = new OpenIddictServerEventService(provider);
+            var dispatcher = new OpenIddictServerEventDispatcher(provider);
 
             // Act and assert
             var exception = await Assert.ThrowsAsync<ArgumentNullException>(()
-                => service.PublishAsync<Event>(notification: null));
+                => dispatcher.DispatchAsync<Event>(notification: null));
 
             Assert.Equal("notification", exception.ParamName);
         }
 
         [Fact]
-        public async Task PublishAsync_InvokesHandlers()
+        public async Task DispatchAsync_InvokesHandlers()
         {
             // Arrange
             var handlers = new List<IOpenIddictServerEventHandler<Event>>
@@ -42,12 +42,12 @@ namespace OpenIddict.Server.Tests
             provider.Setup(mock => mock.GetService(typeof(IEnumerable<IOpenIddictServerEventHandler<Event>>)))
                 .Returns(handlers);
 
-            var service = new OpenIddictServerEventService(provider.Object);
+            var dispatcher = new OpenIddictServerEventDispatcher(provider.Object);
 
             var notification = new Event();
 
             // Act
-            await service.PublishAsync(notification);
+            await dispatcher.DispatchAsync(notification);
 
             // Assert
             Mock.Get(handlers[0]).Verify(mock => mock.HandleAsync(notification), Times.Once());
@@ -55,7 +55,7 @@ namespace OpenIddict.Server.Tests
         }
 
         [Fact]
-        public async Task PublishAsync_StopsInvokingHandlersWhenHandledIsReturned()
+        public async Task DispatchAsync_StopsInvokingHandlersWhenHandledIsReturned()
         {
             // Arrange
             var handlers = new List<IOpenIddictServerEventHandler<Event>>
@@ -73,12 +73,12 @@ namespace OpenIddict.Server.Tests
             provider.Setup(mock => mock.GetService(typeof(IEnumerable<IOpenIddictServerEventHandler<Event>>)))
                 .Returns(handlers);
 
-            var service = new OpenIddictServerEventService(provider.Object);
+            var dispatcher = new OpenIddictServerEventDispatcher(provider.Object);
 
             var notification = new Event();
 
             // Act
-            await service.PublishAsync(notification);
+            await dispatcher.DispatchAsync(notification);
 
             // Assert
             Mock.Get(handlers[0]).Verify(mock => mock.HandleAsync(notification), Times.Once());

test/OpenIddict.Server.Tests/OpenIddictServerExtensionsTests.cs

@@ -114,8 +114,8 @@ namespace OpenIddict.Server.Tests
 
             // Assert
             Assert.Contains(services, service => service.Lifetime == ServiceLifetime.Scoped &&
-                                                 service.ServiceType == typeof(IOpenIddictServerEventService) &&
+                                                 service.ServiceType == typeof(IOpenIddictServerEventDispatcher) &&
-                                                 service.ImplementationType == typeof(OpenIddictServerEventService));
+                                                 service.ImplementationType == typeof(OpenIddictServerEventDispatcher));
         }
 
         [Fact]

test/OpenIddict.Validation.Tests/Internal/OpenIddictValidationConfigurationTests.cs

@@ -32,10 +32,10 @@ namespace OpenIddict.Validation.Internal.Tests
                 builder.HandlerType = typeof(OAuthValidationHandler);
             });
 
-            var initializer = new OpenIddictValidationConfiguration(Mock.Of<IDataProtectionProvider>());
+            var configuration = new OpenIddictValidationConfiguration(Mock.Of<IDataProtectionProvider>());
 
             // Act and assert
-            var exception = Assert.Throws<InvalidOperationException>(() => initializer.Configure(options));
+            var exception = Assert.Throws<InvalidOperationException>(() => configuration.Configure(options));
 
             Assert.Equal(new StringBuilder()
                 .AppendLine("The OpenIddict validation handler cannot be registered as an authentication scheme.")

test/OpenIddict.Validation.Tests/OpenIddictValidationEventServiceTests.cs → test/OpenIddict.Validation.Tests/OpenIddictValidationEventDispatcherTests.cs

@@ -12,24 +12,24 @@ using Xunit;
 
 namespace OpenIddict.Validation.Tests
 {
-    public class OpenIddictValidationEventServiceTests
+    public class OpenIddictValidationEventDispatcherTests
     {
         [Fact]
-        public async Task PublishAsync_ThrowsAnExceptionForNullNotification()
+        public async Task DispatchAsync_ThrowsAnExceptionForNullNotification()
         {
             // Arrange
             var provider = Mock.Of<IServiceProvider>();
-            var service = new OpenIddictValidationEventService(provider);
+            var dispatcher = new OpenIddictValidationEventDispatcher(provider);
 
             // Act and assert
             var exception = await Assert.ThrowsAsync<ArgumentNullException>(()
-                => service.PublishAsync<Event>(notification: null));
+                => dispatcher.DispatchAsync<Event>(notification: null));
 
             Assert.Equal("notification", exception.ParamName);
         }
 
         [Fact]
-        public async Task PublishAsync_InvokesHandlers()
+        public async Task DispatchAsync_InvokesHandlers()
         {
             // Arrange
             var handlers = new List<IOpenIddictValidationEventHandler<Event>>
@@ -42,12 +42,12 @@ namespace OpenIddict.Validation.Tests
             provider.Setup(mock => mock.GetService(typeof(IEnumerable<IOpenIddictValidationEventHandler<Event>>)))
                 .Returns(handlers);
 
-            var service = new OpenIddictValidationEventService(provider.Object);
+            var dispatcher = new OpenIddictValidationEventDispatcher(provider.Object);
 
             var notification = new Event();
 
             // Act
-            await service.PublishAsync(notification);
+            await dispatcher.DispatchAsync(notification);
 
             // Assert
             Mock.Get(handlers[0]).Verify(mock => mock.HandleAsync(notification), Times.Once());
@@ -55,7 +55,7 @@ namespace OpenIddict.Validation.Tests
         }
 
         [Fact]
-        public async Task PublishAsync_StopsInvokingHandlersWhenHandledIsReturned()
+        public async Task DispatchAsync_StopsInvokingHandlersWhenHandledIsReturned()
         {
             // Arrange
             var handlers = new List<IOpenIddictValidationEventHandler<Event>>
@@ -73,12 +73,12 @@ namespace OpenIddict.Validation.Tests
             provider.Setup(mock => mock.GetService(typeof(IEnumerable<IOpenIddictValidationEventHandler<Event>>)))
                 .Returns(handlers);
 
-            var service = new OpenIddictValidationEventService(provider.Object);
+            var dispatcher = new OpenIddictValidationEventDispatcher(provider.Object);
 
             var notification = new Event();
 
             // Act
-            await service.PublishAsync(notification);
+            await dispatcher.DispatchAsync(notification);
 
             // Assert
             Mock.Get(handlers[0]).Verify(mock => mock.HandleAsync(notification), Times.Once());

test/OpenIddict.Validation.Tests/OpenIddictValidationExtensionsTests.cs

@@ -97,8 +97,8 @@ namespace OpenIddict.Validation.Tests
 
             // Assert
             Assert.Contains(services, service => service.Lifetime == ServiceLifetime.Scoped &&
-                                                 service.ServiceType == typeof(IOpenIddictValidationEventService) &&
+                                                 service.ServiceType == typeof(IOpenIddictValidationEventDispatcher) &&
-                                                 service.ImplementationType == typeof(OpenIddictValidationEventService));
+                                                 service.ImplementationType == typeof(OpenIddictValidationEventDispatcher));
         }
 
         [Fact]