public static IIdentityServerBuilder AddSigningCredentialAndValidationKeys(this IIdentityServerBuilder identityServerBuilder, SigningCertificateSettings certificateSettings, ICertificateService certificateService, ILogger logger) { if (certificateSettings.UseTemporarySigningCredential) { logger.Information("Using temporary signing credential - this is not recommended for production"); identityServerBuilder.AddDeveloperSigningCredential(); return(identityServerBuilder); } var isLinux = RuntimeInformation.IsOSPlatform(OSPlatform.Linux); identityServerBuilder.AddSigningCredential(certificateService.GetSigningCertificate(certificateSettings)); if (HasSecondarySigningKeys(certificateSettings, isLinux)) { identityServerBuilder.AddValidationKeys( new X509SecurityKey(certificateService.GetSigningCertificate(certificateSettings, isPrimary: false))); } return(identityServerBuilder); }