/// <summary>
/// Validates Endpoints
/// </summary>
/// <param name="json">json</param>
/// <param name="policy">policy</param>
/// <returns>bool</returns>
public string ValidateEndpoints(JObject json, DiscoveryPolicy policy)
{
//var authorityHost = new Uri(policy.Authority).Authority;
foreach (var element in json)
{
if (element.Key.EndsWith("Endpoint", StringComparison.OrdinalIgnoreCase) ||
element.Key.Equals(OidcConstants.Discovery.JwksUri, StringComparison.OrdinalIgnoreCase))
{
var endpoint = element.Value.ToString();
Uri uri;
var isValidUri = Uri.TryCreate(endpoint, UriKind.Absolute, out uri);
if (!isValidUri)//Uri not valid
{
return($"Malformed endpoint: {endpoint}");
}
if (!DiscoveryUrlHelper.IsValidScheme(uri))//Scheme not valid
{
return($"Malformed endpoint: {endpoint}");
}
if (!DiscoveryUrlHelper.IsSecureScheme(uri, policy))//Scheme not secure
{
return($"Endpoint does not use HTTPS: {endpoint}");
}
}
}
return(string.Empty);
}
public DiscoveryClient(string authority, HttpMessageHandler innerHandler = null)
{
var handler = innerHandler ?? new HttpClientHandler();
Uri uri;
var success = Uri.TryCreate(authority, UriKind.Absolute, out uri);
if (success == false)
{
throw new InvalidOperationException("Malformed authority URL");
}
if (!DiscoveryUrlHelper.IsValidScheme(uri))
{
throw new InvalidOperationException("Malformed authority URL");
}
var url = authority.RemoveTrailingSlash();
if (url.EndsWith(OidcConstants.Discovery.ProdDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase))
{
Url = url;
Authority = url.Substring(0, url.Length - OidcConstants.Discovery.ProdDiscoveryEndpoint.Length - 1);
}
else if (url.EndsWith(OidcConstants.Discovery.SandboxDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase))
{
Url = url;
Authority = url.Substring(0, url.Length - OidcConstants.Discovery.SandboxDiscoveryEndpoint.Length - 1);
}
else
{
Authority = url;
Url = url.EnsureTrailingSlash() + OidcConstants.Discovery.ProdDiscoveryEndpoint;
}
_client = new HttpClient(handler);
}
public async Task <DiscoveryResponse> GetAsync(CancellationToken cancellationToken = default(CancellationToken))
{
//Policy.Authority = Authority;
string jwkUrl = "";
if (!DiscoveryUrlHelper.IsSecureScheme(new Uri(Url), Policy))
{
return(new DiscoveryResponse(new InvalidOperationException("HTTPS required"), $"Error connecting to {Url}"));
}
try
{
var response = await _client.GetAsync(Url, cancellationToken).ConfigureAwait(false);
if (!response.IsSuccessStatusCode)
{
string errorDetail = "";
HttpResponseHeaders headers = response.Headers;
if (headers.WwwAuthenticate != null)
{
errorDetail = headers.WwwAuthenticate.ToString();
}
if (errorDetail != null && errorDetail != "")
{
return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {Url}: {response.ReasonPhrase}: { errorDetail}"));
}
else
{
return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {Url}: {response.ReasonPhrase}"));
}
}
var disco = new DiscoveryResponse(await response.Content.ReadAsStringAsync().ConfigureAwait(false), Policy);
if (disco.IsError)
{
return(disco);
}
try
{
jwkUrl = disco.JwksUri;
if (jwkUrl != null)
{
response = await _client.GetAsync(jwkUrl, cancellationToken).ConfigureAwait(false);
if (!response.IsSuccessStatusCode)
{
return(new DiscoveryResponse(response.StatusCode, $"Error connecting to {jwkUrl}: {response.ReasonPhrase}"));
}
var jwk = await response.Content.ReadAsStringAsync().ConfigureAwait(false);
disco.KeySet = new JsonWebKeySet(jwk);
}
return(disco);
}
catch (Exception ex)
{
return(new DiscoveryResponse(ex, $"Error connecting to {jwkUrl}"));
}
}
catch (Exception ex)
{
return(new DiscoveryResponse(ex, $"Error connecting to {Url}"));
}
}