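/// <summary>
/// Builds the OpenID Connect discovery document from the configured
/// <c>DiscoveryOptions</c> and endpoint switches and wraps it in a
/// <c>DiscoveryDocumentResult</c>.
/// </summary>
/// <remarks>
/// Discovery metadata is typically readable by unauthenticated callers, so every
/// section is emitted only when its <c>Show*</c> option is enabled. Scopes are
/// loaded with <c>publicOnly: true</c>, and per-scope data is published only for
/// scopes whose <c>ShowInDiscoveryDocument</c> flag is set.
/// </remarks>
/// <param name="context">The current HTTP context; this method does not read it.</param>
/// <returns>The endpoint result carrying the document and the configured custom entries.</returns>
private async Task<IEndpointResult> ExecuteDiscoDocAsync(HttpContext context)
{
    _logger.LogVerbose("Start discovery request");

    // NOTE(review): every advertised endpoint is prefixed with this base URL. If
    // GetIdentityServerBaseUrl() derives it from the incoming request host, the
    // published metadata follows that header - confirm a fixed public origin or
    // host filtering is configured for the deployment.
    var baseUrl = _context.GetIdentityServerBaseUrl().EnsureTrailingSlash();
    var allScopes = await _scopes.GetScopesAsync(publicOnly: true);
    var showScopes = new List<Scope>();

    var document = new DiscoveryDocument
    {
        issuer = _context.GetIssuerUri(),
        subject_types_supported = new[] { "public" },
        id_token_signing_alg_values_supported = new[] { Constants.SigningAlgorithms.RSA_SHA_256 }
    };

    // scopes
    if (_options.DiscoveryOptions.ShowIdentityScopes)
    {
        showScopes.AddRange(allScopes.Where(s => s.Type == ScopeType.Identity));
    }

    if (_options.DiscoveryOptions.ShowResourceScopes)
    {
        showScopes.AddRange(allScopes.Where(s => s.Type == ScopeType.Resource));
    }

    if (showScopes.Any())
    {
        document.scopes_supported = showScopes
            .Where(s => s.ShowInDiscoveryDocument)
            .Select(s => s.Name)
            .ToArray();
    }

    // claims
    if (_options.DiscoveryOptions.ShowClaims)
    {
        // Publish claim names only for identity scopes that are themselves listed in
        // the document. Without the ShowInDiscoveryDocument filter, the claims of a
        // scope hidden from scopes_supported would still be advertised here.
        document.claims_supported = allScopes
            .Where(s => s.Type == ScopeType.Identity && s.ShowInDiscoveryDocument)
            .SelectMany(s => s.Claims)
            .Select(c => c.Name)
            .Distinct()
            .ToArray();
    }

    // grant types
    if (_options.DiscoveryOptions.ShowGrantTypes)
    {
        var standardGrantTypes = Constants.SupportedGrantTypes.AsEnumerable();

        // The password grant is not advertised when local login is disabled.
        if (_options.AuthenticationOptions.EnableLocalLogin == false)
        {
            standardGrantTypes = standardGrantTypes.Where(type => type != OidcConstants.GrantTypes.Password);
        }

        var showGrantTypes = new List<string>(standardGrantTypes);

        if (_options.DiscoveryOptions.ShowCustomGrantTypes)
        {
            showGrantTypes.AddRange(_customGrants.GetAvailableGrantTypes());
        }

        document.grant_types_supported = showGrantTypes.ToArray();
    }

    // response types
    if (_options.DiscoveryOptions.ShowResponseTypes)
    {
        document.response_types_supported = Constants.SupportedResponseTypes.ToArray();
    }

    // response modes
    if (_options.DiscoveryOptions.ShowResponseModes)
    {
        document.response_modes_supported = Constants.SupportedResponseModes.ToArray();
    }

    // token endpoint authentication methods
    if (_options.DiscoveryOptions.ShowTokenEndpointAuthenticationMethods)
    {
        document.token_endpoint_auth_methods_supported = _parsers.GetAvailableAuthenticationMethods().ToArray();
    }

    // endpoints: each URL is published only when the endpoint itself is enabled
    if (_options.DiscoveryOptions.ShowEndpoints)
    {
        if (_options.Endpoints.EnableAuthorizeEndpoint)
        {
            document.authorization_endpoint = baseUrl + Constants.RoutePaths.Oidc.Authorize;
        }

        if (_options.Endpoints.EnableTokenEndpoint)
        {
            document.token_endpoint = baseUrl + Constants.RoutePaths.Oidc.Token;
        }

        if (_options.Endpoints.EnableUserInfoEndpoint)
        {
            document.userinfo_endpoint = baseUrl + Constants.RoutePaths.Oidc.UserInfo;
        }

        if (_options.Endpoints.EnableEndSessionEndpoint)
        {
            // Both logout-related values depend on the same switch.
            document.http_logout_supported = true;
            document.end_session_endpoint = baseUrl + Constants.RoutePaths.Oidc.EndSession;
        }

        if (_options.Endpoints.EnableCheckSessionEndpoint)
        {
            document.check_session_iframe = baseUrl + Constants.RoutePaths.Oidc.CheckSession;
        }

        if (_options.Endpoints.EnableTokenRevocationEndpoint)
        {
            document.revocation_endpoint = baseUrl + Constants.RoutePaths.Oidc.Revocation;
        }

        if (_options.Endpoints.EnableIntrospectionEndpoint)
        {
            document.introspection_endpoint = baseUrl + Constants.RoutePaths.Oidc.Introspection;
        }
    }

    // key set: jwks_uri is only advertised when a signing certificate is configured
    if (_options.DiscoveryOptions.ShowKeySet && _options.SigningCertificate != null)
    {
        document.jwks_uri = baseUrl + Constants.RoutePaths.Oidc.DiscoveryWebKeys;
    }

    return new DiscoveryDocumentResult(document, _options.DiscoveryOptions.CustomEntries);
}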
/// <summary>
/// Creates a result that carries a discovery document together with the
/// additional custom entries configured for it.
/// </summary>
/// <param name="document">The discovery document; stored as given, without validation.</param>
/// <param name="customEntries">
/// Extra entries to accompany the document; stored as given.
/// NOTE(review): presumably emitted alongside the document in the discovery
/// response - confirm, and keep secrets out of these entries if so.
/// </param>
public DiscoveryDocumentResult(DiscoveryDocument document, Dictionary<string, object> customEntries)
{
    this.CustomEntries = customEntries;
    this.Document = document;
}