DiscoveryEndpoint validate(DiscoveryEndpoint discoveryEndpoint, string issuer)
{
if (!DiscoveryPolicy.ValidateIssuerName)
{
return(discoveryEndpoint);
}
if (DiscoveryPolicy.RequireHttps && !DiscoveryEndpoint.IsSecureScheme(new Uri(discoveryEndpoint.Url), DiscoveryPolicy))
{
throw new InvalidOperationException($"Error connecting to {discoveryEndpoint.Url}. HTTPS required.");
}
var strategy = DiscoveryPolicy.AuthorityValidationStrategy ?? DiscoveryPolicy.DefaultAuthorityValidationStrategy;
var issuerValidationResult = strategy.IsIssuerNameValid(issuer, discoveryEndpoint.Authority);
if (!issuerValidationResult.Success)
{
throw new InvalidOperationException($"Error connecting to {discoveryEndpoint.Url}. {issuerValidationResult.ErrorMessage}.");
}
return(discoveryEndpoint);
}
DiscoveryEndpoint getDiscoveryEndpoint(SecurityToken jwtSecurityToken)
{
var disco = DiscoveryEndpoint.ParseUrl(jwtSecurityToken.Issuer);
return(validate(disco, jwtSecurityToken.Issuer));
}
