/// <summary> /// Validates Endpoints /// </summary> /// <param name="json">json</param> /// <param name="policy">policy</param> /// <returns>bool</returns> public string ValidateEndpoints(JObject json, DiscoveryPolicy policy) { //var authorityHost = new Uri(policy.Authority).Authority; foreach (var element in json) { if (element.Key.EndsWith("Endpoint", StringComparison.OrdinalIgnoreCase) || element.Key.Equals(OidcConstants.Discovery.JwksUri, StringComparison.OrdinalIgnoreCase)) { var endpoint = element.Value.ToString(); Uri uri; var isValidUri = Uri.TryCreate(endpoint, UriKind.Absolute, out uri); if (!isValidUri)//Uri not valid { return($"Malformed endpoint: {endpoint}"); } if (!DiscoveryUrlHelper.IsValidScheme(uri))//Scheme not valid { return($"Malformed endpoint: {endpoint}"); } if (!DiscoveryUrlHelper.IsSecureScheme(uri, policy))//Scheme not secure { return($"Endpoint does not use HTTPS: {endpoint}"); } } } return(string.Empty); }
public DiscoveryClient(string authority, HttpMessageHandler innerHandler = null) { var handler = innerHandler ?? new HttpClientHandler(); Uri uri; var success = Uri.TryCreate(authority, UriKind.Absolute, out uri); if (success == false) { throw new InvalidOperationException("Malformed authority URL"); } if (!DiscoveryUrlHelper.IsValidScheme(uri)) { throw new InvalidOperationException("Malformed authority URL"); } var url = authority.RemoveTrailingSlash(); if (url.EndsWith(OidcConstants.Discovery.ProdDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase)) { Url = url; Authority = url.Substring(0, url.Length - OidcConstants.Discovery.ProdDiscoveryEndpoint.Length - 1); } else if (url.EndsWith(OidcConstants.Discovery.SandboxDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase)) { Url = url; Authority = url.Substring(0, url.Length - OidcConstants.Discovery.SandboxDiscoveryEndpoint.Length - 1); } else { Authority = url; Url = url.EnsureTrailingSlash() + OidcConstants.Discovery.ProdDiscoveryEndpoint; } _client = new HttpClient(handler); }