Beispiel #1
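        /// <summary>
        /// Downloads the OpenID Connect configuration document at <paramref name="metadataAddress"/> and configures
        /// <paramref name="builder"/> to require the issuer and the signing keys (JWKS URI) advertised by that document.
        /// </summary>
        /// <remarks>
        /// Both the required issuer and the JWKS URI are read from the downloaded document, so the metadata address
        /// is the trust anchor for every token the resulting policy accepts. Take it from trusted configuration,
        /// never from request data, and use an HTTPS endpoint. The download is synchronous and runs with
        /// <see cref="CancellationToken.None"/>, so the caller cannot cancel it.
        /// </remarks>
        /// <param name="builder">The policy builder to configure.</param>
        /// <param name="metadataAddress">Address of the OIDC configuration document to download.</param>
        /// <returns>The builder returned by the <c>RequireSignature</c> call.</returns>
        /// <exception cref="System.ArgumentNullException">
        /// <paramref name="builder"/> or <paramref name="metadataAddress"/> is <c>null</c>.
        /// </exception>
        public static TokenValidationPolicyBuilder AddOpenIdConfiguration(this TokenValidationPolicyBuilder builder, string metadataAddress)
        {
            // Fail before any network I/O rather than surfacing a NullReferenceException after the download.
            if (builder == null)
            {
                throw new System.ArgumentNullException(nameof(builder));
            }

            if (metadataAddress == null)
            {
                throw new System.ArgumentNullException(nameof(metadataAddress));
            }

            // NOTE(review): whether HttpDocumentRetriever rejects non-HTTPS addresses is not visible here; confirm,
            // because a plaintext fetch would let an on-path party substitute the issuer and the key set.
            // NOTE(review): if HttpDocumentRetriever is disposable, this instance is never released; confirm ownership.
            var retriever = new OpenIdConnectConfigurationRetriever();
            var config = retriever.GetConfiguration(metadataAddress, new HttpDocumentRetriever(), CancellationToken.None);

            // NOTE(review): presumably RequireIssuer/RequireSignature reject a null or empty value; verify, since a
            // document lacking an issuer or JWKS URI should not yield a usable policy.
            builder.RequireIssuer(config.Issuer);
            return builder.RequireSignature(config.JwksUri);
        }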
Beispiel #2
 /// <summary>
 /// Requires token signatures to be validated with keys served by the Key Vault that <paramref name="client"/> targets.
 /// </summary>
 /// <param name="builder">The policy builder to configure.</param>
 /// <param name="client">Key Vault key client; its <c>VaultUri</c> is passed as the first argument of <c>RequireSignature</c>.</param>
 /// <param name="algorithm">Signature algorithm forwarded to <c>RequireSignature</c>.</param>
 /// <param name="minimumRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>; unit not visible here, see <c>CachedKeyProvider</c>.</param>
 /// <param name="automaticRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>; unit not visible here, see <c>CachedKeyProvider</c>.</param>
 /// <returns>The builder returned by <c>RequireSignature</c>.</returns>
 public static TokenValidationPolicyBuilder RequireSignatureWithKeyVault(this TokenValidationPolicyBuilder builder, KeyClient client, SignatureAlgorithm algorithm, long minimumRefreshInterval = CachedKeyProvider.DefaultMinimumRefreshInterval, long automaticRefreshInterval = CachedKeyProvider.DefaultAutomaticRefreshInterval)
 {
     // NOTE(review): the role of the first RequireSignature argument (issuer vs. key-source id) is defined by that overload; confirm.
     var vaultAddress = client.VaultUri.ToString();
     var keyProvider = new KeyVaultKeyProvider(client, minimumRefreshInterval, automaticRefreshInterval);

     return builder.RequireSignature(vaultAddress, keyProvider, algorithm);
 }
Beispiel #3
 /// <summary>
 /// Requires token signatures to be validated with keys served by the Key Vault at <paramref name="vaultUri"/>,
 /// accessed with <paramref name="credentials"/>.
 /// </summary>
 /// <param name="builder">The policy builder to configure.</param>
 /// <param name="vaultUri">Key Vault address; passed both to <c>KeyVaultKeyProvider</c> and as the first argument of <c>RequireSignature</c>.</param>
 /// <param name="credentials">Credential handed to <c>KeyVaultKeyProvider</c> for vault access.</param>
 /// <param name="algorithm">Signature algorithm forwarded to <c>RequireSignature</c>.</param>
 /// <param name="minimumRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>; unit not visible here, see <c>CachedKeyProvider</c>.</param>
 /// <param name="automaticRefreshInterval">Forwarded to <c>KeyVaultKeyProvider</c>; unit not visible here, see <c>CachedKeyProvider</c>.</param>
 /// <returns>The builder returned by <c>RequireSignature</c>.</returns>
 public static TokenValidationPolicyBuilder RequireSignatureWithKeyVault(this TokenValidationPolicyBuilder builder, string vaultUri, TokenCredential credentials, SignatureAlgorithm algorithm, long minimumRefreshInterval = CachedKeyProvider.DefaultMinimumRefreshInterval, long automaticRefreshInterval = CachedKeyProvider.DefaultAutomaticRefreshInterval)
 {
     // NOTE(review): vaultUri is used as given; presumably KeyVaultKeyProvider validates it. Confirm it comes from trusted configuration.
     var keyProvider = new KeyVaultKeyProvider(vaultUri, credentials, minimumRefreshInterval, automaticRefreshInterval);

     return builder.RequireSignature(vaultUri, keyProvider, algorithm);
 }