/// <summary> /// Validates Endpoints /// </summary> /// <param name="json">json</param> /// <param name="policy">policy</param> /// <returns>bool</returns> public string ValidateEndpoints(JObject json, DiscoveryPolicy policy) { //var authorityHost = new Uri(policy.Authority).Authority; foreach (var element in json) { if (element.Key.EndsWith("Endpoint", StringComparison.OrdinalIgnoreCase) || element.Key.Equals(OidcConstants.Discovery.JwksUri, StringComparison.OrdinalIgnoreCase)) { var endpoint = element.Value.ToString(); Uri uri; var isValidUri = Uri.TryCreate(endpoint, UriKind.Absolute, out uri); if (!isValidUri)//Uri not valid { return($"Malformed endpoint: {endpoint}"); } if (!DiscoveryUrlHelper.IsValidScheme(uri))//Scheme not valid { return($"Malformed endpoint: {endpoint}"); } if (!DiscoveryUrlHelper.IsSecureScheme(uri, policy))//Scheme not secure { return($"Endpoint does not use HTTPS: {endpoint}"); } } } return(string.Empty); }
public async Task <DiscoveryResponse> GetAsync(CancellationToken cancellationToken = default(CancellationToken)) { //Policy.Authority = Authority; string jwkUrl = ""; if (!DiscoveryUrlHelper.IsSecureScheme(new Uri(Url), Policy)) { return(new DiscoveryResponse(new InvalidOperationException("HTTPS required"), $"Error connecting to {Url}")); } try { var response = await _client.GetAsync(Url, cancellationToken).ConfigureAwait(false); if (!response.IsSuccessStatusCode) { string errorDetail = ""; HttpResponseHeaders headers = response.Headers; if (headers.WwwAuthenticate != null) { errorDetail = headers.WwwAuthenticate.ToString(); } if (errorDetail != null && errorDetail != "") { return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {Url}: {response.ReasonPhrase}: { errorDetail}")); } else { return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {Url}: {response.ReasonPhrase}")); } } var disco = new DiscoveryResponse(await response.Content.ReadAsStringAsync().ConfigureAwait(false), Policy); if (disco.IsError) { return(disco); } try { jwkUrl = disco.JwksUri; if (jwkUrl != null) { response = await _client.GetAsync(jwkUrl, cancellationToken).ConfigureAwait(false); if (!response.IsSuccessStatusCode) { return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {jwkUrl}: {response.ReasonPhrase}")); } var jwk = await response.Content.ReadAsStringAsync().ConfigureAwait(false); disco.KeySet = new JsonWebKeySet(jwk); } return(disco); } catch (Exception ex) { return(new DiscoveryResponse(ex, $"Error connecting to {jwkUrl}")); } } catch (Exception ex) { return(new DiscoveryResponse(ex, $"Error connecting to {Url}")); } }