I followed this tutorial from Microsoft to secure a dotnet SPA with Duende Identity Server. According to the tutorial, I should configure the "Key" section of "IdentityServer" in AppSettings.json in order to sign the tokens. For development, you use the following:

    "IdentityServer": {
      "Key": {
        "Type": "Development"
      }
    }

However, according to Duende's documentation here, Identity Server uses automatic key management by default, and I am using

    builder.Services.AddDataProtection().PersistKeysToDbContext<ApplicationDbContext>();

to persist keys to a database.
If Identity Server automatically manages and rotates the keys it uses, then what is the purpose of the "Key" section, and how should it be configured for production? I have not been able to find much information about it. If I remove it, I get this error:
Microsoft.AspNetCore.Diagnostics.DeveloperExceptionPageMiddleware[1]
An unhandled exception has occurred while executing the request.
System.InvalidOperationException: No signing credential is configured by the 'IdentityServer:Key' configuration section.