Implement draft-ietf-oauth-client-id-metadata-document-00 support,
allowing OAuth clients to use an HTTPS URL as their client_id with
the server fetching a JSON metadata document from that URL.
- Add EnableClientIdMetadataDocumentSupport option and related config
- Create OpenIddict.Server.SystemNetHttp project for HTTP outbound
metadata document fetching (following Client.SystemNetHttp patterns)
- Modify handler pipeline: ValidateClientId sets CIMD flag when
FindByClientIdAsync returns null and client_id is a valid HTTPS URL
- Add CIMD bypasses to authentication, sign-in, and token generation
handlers that look up pre-registered applications
- Validate redirect_uri against fetched metadata document
- Advertise client_id_metadata_document_supported in discovery
- Update sandbox demonstrator with CIMD support and test endpoint
Thor Arne Johansen
Kévin Chalet