/// <summary>
/// Validates Endpoints
/// </summary>
/// <param name="json">json</param>
/// <param name="policy">policy</param>
/// <returns>bool</returns>
public string ValidateEndpoints(JObject json, DiscoveryPolicy policy)
{
//var authorityHost = new Uri(policy.Authority).Authority;
foreach (var element in json)
{
if (element.Key.EndsWith("Endpoint", StringComparison.OrdinalIgnoreCase) ||
element.Key.Equals(OidcConstants.Discovery.JwksUri, StringComparison.OrdinalIgnoreCase))
{
var endpoint = element.Value.ToString();
Uri uri;
var isValidUri = Uri.TryCreate(endpoint, UriKind.Absolute, out uri);
if (!isValidUri)//Uri not valid
{
return($"Malformed endpoint: {endpoint}");
}
if (!DiscoveryUrlHelper.IsValidScheme(uri))//Scheme not valid
{
return($"Malformed endpoint: {endpoint}");
}
if (!DiscoveryUrlHelper.IsSecureScheme(uri, policy))//Scheme not secure
{
return($"Endpoint does not use HTTPS: {endpoint}");
}
}
}
return(string.Empty);
}
public DiscoveryClient(string authority, HttpMessageHandler innerHandler = null)
{
var handler = innerHandler ?? new HttpClientHandler();
Uri uri;
var success = Uri.TryCreate(authority, UriKind.Absolute, out uri);
if (success == false)
{
throw new InvalidOperationException("Malformed authority URL");
}
if (!DiscoveryUrlHelper.IsValidScheme(uri))
{
throw new InvalidOperationException("Malformed authority URL");
}
var url = authority.RemoveTrailingSlash();
if (url.EndsWith(OidcConstants.Discovery.ProdDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase))
{
Url = url;
Authority = url.Substring(0, url.Length - OidcConstants.Discovery.ProdDiscoveryEndpoint.Length - 1);
}
else if (url.EndsWith(OidcConstants.Discovery.SandboxDiscoveryEndpoint, StringComparison.OrdinalIgnoreCase))
{
Url = url;
Authority = url.Substring(0, url.Length - OidcConstants.Discovery.SandboxDiscoveryEndpoint.Length - 1);
}
else
{
Authority = url;
Url = url.EnsureTrailingSlash() + OidcConstants.Discovery.ProdDiscoveryEndpoint;
}
_client = new HttpClient(handler);
}
