NetCore OpenIdConnect验证为什么要设置Authority?

 public void ConfigureServices(IServiceCollection services)         {             services.AddControllersWithViews();                        //             #region MVC client             //关闭了 JWT 身份信息类型映射             //这样就允许 well-known 身份信息（比如，“sub” 和 “idp”）无干扰地流过。             //这个身份信息类型映射的“清理”必须在调用 AddAuthentication()之前完成             JwtSecurityTokenHandler.DefaultInboundClaimTypeMap.Clear();             services.AddAuthentication(options =>             {                 options.DefaultScheme = "Cookies";                 options.DefaultChallengeScheme = "oidc";             })                .AddCookie("Cookies")                .AddOpenIdConnect("oidc", options =>               {                                    options.Authority = "http://localhost:5001";                   options.RequireHttpsMetadata = false;                   options.ClientId = "code_client";                   //Client secret                   options.ClientSecret = "511536EF-F270-4058-80CA-1C89C192F69A".ToString();                   //code方式                   options.ResponseType = "code";                   //Scope可以理解为申请何种操作范围                   options.Scope.Add("code_scope1"); //添加授权资源                       options.SaveTokens = true;                   options.GetClaimsFromUserInfoEndpoint = true;                                });              #endregion             services.ConfigureNonBreakingSameSiteCookies();         } 

 public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, string? displayName, Action<OpenIdConnectOptions> configureOptions)         {             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());             return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, displayName, configureOptions);         } 

/// <summary>         /// Adds a <see cref="AuthenticationScheme"/> which can be used by <see cref="IAuthenticationService"/>.         /// </summary>         /// <typeparam name="TOptions">The <see cref="AuthenticationSchemeOptions"/> type to configure the handler."/>.</typeparam>         /// <typeparam name="THandler">The <see cref="AuthenticationHandler{TOptions}"/> used to handle this scheme.</typeparam>         /// <param name="authenticationScheme">The name of this scheme.</param>         /// <param name="displayName">The display name of this scheme.</param>         /// <param name="configureOptions">Used to configure the scheme options.</param>         /// <returns>The builder.</returns>         public virtual AuthenticationBuilder AddScheme<TOptions, [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]THandler>(string authenticationScheme, string? displayName, Action<TOptions>? configureOptions)             where TOptions : AuthenticationSchemeOptions, new()             where THandler : AuthenticationHandler<TOptions>             => AddSchemeHelper<TOptions, THandler>(authenticationScheme, displayName, configureOptions);
       

 private AuthenticationBuilder AddSchemeHelper<TOptions, [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicConstructors)]THandler>(string authenticationScheme, string? displayName, Action<TOptions>? configureOptions)             where TOptions : AuthenticationSchemeOptions, new()             where THandler : class, IAuthenticationHandler         {             Services.Configure<AuthenticationOptions>(o =>             {                 //注册Scheme对应的HandlerType                 o.AddScheme(authenticationScheme, scheme => {                     scheme.HandlerType = typeof(THandler);                     scheme.DisplayName = displayName;                 });             });             if (configureOptions != null)             {                 Services.Configure(authenticationScheme, configureOptions);             }             //Options验证             Services.AddOptions<TOptions>(authenticationScheme).Validate(o => {                 o.Validate(authenticationScheme);                 return true;             });             Services.AddTransient<THandler>();             return this;         } 

 /// <summary>         /// Check that the options are valid.  Should throw an exception if things are not ok.         /// </summary>         public override void Validate()         {             base.Validate();              if (MaxAge.HasValue && MaxAge.Value < TimeSpan.Zero)             {                 throw new ArgumentOutOfRangeException(nameof(MaxAge), MaxAge.Value, "The value must not be a negative TimeSpan.");             }              if (string.IsNullOrEmpty(ClientId))             {                 throw new ArgumentException("Options.ClientId must be provided", nameof(ClientId));             }              if (!CallbackPath.HasValue)             {                 throw new ArgumentException("Options.CallbackPath must be provided.", nameof(CallbackPath));             }              //如果Authority没有设置,则报下面这个异常             if (ConfigurationManager == null)             {                 throw new InvalidOperationException($"Provide {nameof(Authority)}, {nameof(MetadataAddress)}, "                 + $"{nameof(Configuration)}, or {nameof(ConfigurationManager)} to {nameof(OpenIdConnectOptions)}");             }         } 

   public static AuthenticationBuilder AddOpenIdConnect(this AuthenticationBuilder builder, string authenticationScheme, string? displayName, Action<OpenIdConnectOptions> configureOptions)         {             builder.Services.TryAddEnumerable(ServiceDescriptor.Singleton<IPostConfigureOptions<OpenIdConnectOptions>, OpenIdConnectPostConfigureOptions>());             return builder.AddRemoteScheme<OpenIdConnectOptions, OpenIdConnectHandler>(authenticationScheme, displayName, configureOptions);         }　　

      /// <summary>         /// Invoked to post configure a TOptions instance.         /// </summary>         /// <param name="name">The name of the options instance being configured.</param>         /// <param name="options">The options instance to configure.</param>         public void PostConfigure(string name, OpenIdConnectOptions options)         {             options.DataProtectionProvider = options.DataProtectionProvider ?? _dp;              if (string.IsNullOrEmpty(options.SignOutScheme))             {                 options.SignOutScheme = options.SignInScheme;             }              if (options.StateDataFormat == null)             {                 var dataProtector = options.DataProtectionProvider.CreateProtector(                     typeof(OpenIdConnectHandler).FullName!, name, "v1");                 options.StateDataFormat = new PropertiesDataFormat(dataProtector);             }              if (options.StringDataFormat == null)             {                 var dataProtector = options.DataProtectionProvider.CreateProtector(                     typeof(OpenIdConnectHandler).FullName!,                     typeof(string).FullName!,                     name,                     "v1");                  options.StringDataFormat = new SecureDataFormat<string>(new StringSerializer(), dataProtector);             }              if (string.IsNullOrEmpty(options.TokenValidationParameters.ValidAudience) && !string.IsNullOrEmpty(options.ClientId))             {                 options.TokenValidationParameters.ValidAudience = options.ClientId;             }              if (options.Backchannel == null)             {                 options.Backchannel = new HttpClient(options.BackchannelHttpHandler ?? new HttpClientHandler());                 options.Backchannel.DefaultRequestHeaders.UserAgent.ParseAdd("Microsoft ASP.NET Core OpenIdConnect handler");                 options.Backchannel.Timeout = options.BackchannelTimeout;                 options.Backchannel.MaxResponseContentBufferSize = 1024 * 1024 * 10; // 10 MB             }              if (options.ConfigurationManager == null)             {                 if (options.Configuration != null)                 {                     options.ConfigurationManager = new StaticConfigurationManager<OpenIdConnectConfiguration>(options.Configuration);                 }                 else if (!(string.IsNullOrEmpty(options.MetadataAddress) && string.IsNullOrEmpty(options.Authority)))                 {                     if (string.IsNullOrEmpty(options.MetadataAddress) && !string.IsNullOrEmpty(options.Authority))                     {                         options.MetadataAddress = options.Authority;                         if (!options.MetadataAddress.EndsWith("/", StringComparison.Ordinal))                         {                             options.MetadataAddress += "/";                         }                          options.MetadataAddress += ".well-known/openid-configuration";                     }                      if (options.RequireHttpsMetadata && !(options.MetadataAddress?.StartsWith("https://", StringComparison.OrdinalIgnoreCase) ?? false))                     {                         throw new InvalidOperationException("The MetadataAddress or Authority must use HTTPS unless disabled for development by setting RequireHttpsMetadata=false.");                     }                      options.ConfigurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(options.MetadataAddress, new OpenIdConnectConfigurationRetriever(),                         new HttpDocumentRetriever(options.Backchannel) { RequireHttps = options.RequireHttpsMetadata })                     {                         RefreshInterval = options.RefreshInterval,                         AutomaticRefreshInterval = options.AutomaticRefreshInterval,                     };                 }             }         }