private async Task<IEndpointResult> ExecuteDiscoDocAsync(HttpContext context)
{
_logger.LogVerbose("Start discovery request");
var baseUrl = _context.GetIdentityServerBaseUrl().EnsureTrailingSlash();
var allScopes = await _scopes.GetScopesAsync(publicOnly: true);
var showScopes = new List<Scope>();
var document = new DiscoveryDocument
{
issuer = _context.GetIssuerUri(),
subject_types_supported = new[] { "public" },
id_token_signing_alg_values_supported = new[] { Constants.SigningAlgorithms.RSA_SHA_256 }
};
// scopes
if (_options.DiscoveryOptions.ShowIdentityScopes)
{
showScopes.AddRange(allScopes.Where(s => s.Type == ScopeType.Identity));
}
if (_options.DiscoveryOptions.ShowResourceScopes)
{
showScopes.AddRange(allScopes.Where(s => s.Type == ScopeType.Resource));
}
if (showScopes.Any())
{
document.scopes_supported = showScopes.Where(s => s.ShowInDiscoveryDocument).Select(s => s.Name).ToArray();
}
// claims
if (_options.DiscoveryOptions.ShowClaims)
{
var claims = new List<string>();
foreach (var s in allScopes)
{
claims.AddRange(from c in s.Claims
where s.Type == ScopeType.Identity
select c.Name);
}
document.claims_supported = claims.Distinct().ToArray();
}
// grant types
if (_options.DiscoveryOptions.ShowGrantTypes)
{
var standardGrantTypes = Constants.SupportedGrantTypes.AsEnumerable();
if (this._options.AuthenticationOptions.EnableLocalLogin == false)
{
standardGrantTypes = standardGrantTypes.Where(type => type != OidcConstants.GrantTypes.Password);
}
var showGrantTypes = new List<string>(standardGrantTypes);
if (_options.DiscoveryOptions.ShowCustomGrantTypes)
{
showGrantTypes.AddRange(_customGrants.GetAvailableGrantTypes());
}
document.grant_types_supported = showGrantTypes.ToArray();
}
// response types
if (_options.DiscoveryOptions.ShowResponseTypes)
{
document.response_types_supported = Constants.SupportedResponseTypes.ToArray();
}
// response modes
if (_options.DiscoveryOptions.ShowResponseModes)
{
document.response_modes_supported = Constants.SupportedResponseModes.ToArray();
}
// token endpoint authentication methods
if (_options.DiscoveryOptions.ShowTokenEndpointAuthenticationMethods)
{
document.token_endpoint_auth_methods_supported = _parsers.GetAvailableAuthenticationMethods().ToArray();
}
// endpoints
if (_options.DiscoveryOptions.ShowEndpoints)
{
if (_options.Endpoints.EnableEndSessionEndpoint)
{
document.http_logout_supported = true;
}
if (_options.Endpoints.EnableAuthorizeEndpoint)
{
document.authorization_endpoint = baseUrl + Constants.RoutePaths.Oidc.Authorize;
}
if (_options.Endpoints.EnableTokenEndpoint)
{
document.token_endpoint = baseUrl + Constants.RoutePaths.Oidc.Token;
}
if (_options.Endpoints.EnableUserInfoEndpoint)
{
document.userinfo_endpoint = baseUrl + Constants.RoutePaths.Oidc.UserInfo;
}
if (_options.Endpoints.EnableEndSessionEndpoint)
{
document.end_session_endpoint = baseUrl + Constants.RoutePaths.Oidc.EndSession;
}
if (_options.Endpoints.EnableCheckSessionEndpoint)
{
document.check_session_iframe = baseUrl + Constants.RoutePaths.Oidc.CheckSession;
}
if (_options.Endpoints.EnableTokenRevocationEndpoint)
{
document.revocation_endpoint = baseUrl + Constants.RoutePaths.Oidc.Revocation;
}
if (_options.Endpoints.EnableIntrospectionEndpoint)
{
document.introspection_endpoint = baseUrl + Constants.RoutePaths.Oidc.Introspection;
}
}
if (_options.DiscoveryOptions.ShowKeySet)
{
if (_options.SigningCertificate != null)
{
document.jwks_uri = baseUrl + Constants.RoutePaths.Oidc.DiscoveryWebKeys;
}
}
return new DiscoveryDocumentResult(document, _options.DiscoveryOptions.CustomEntries);
}
public DiscoveryDocumentResult(DiscoveryDocument document, Dictionary<string, object> customEntries)
{
Document = document;
CustomEntries = customEntries;
}
