
OIDC has a "Well Known Configuration" page that is commonly hosted by the Identity Provider (IDP), also called a Discovery Document. I am trying to figure out Microsoft.Identity.Web and can't seem to find a way to read in the discovery document using that framework.

I am currently using IdentityModel.Client, which has a way to fetch the discovery document.

It seems odd that Microsoft.Identity would not have a similar feature, but maybe Microsoft assumed that everyone would fit the "happy path" of just calling AddMicrosoftIdentityWebApi and never need the discovery document itself.




I use the following code to parse the discovery document:

using Microsoft.IdentityModel.Protocols;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;

namespace OpenID_Connect_client.Models
{
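    public class OpenIDSettings : IOpenIDSettings
    {
        /// <summary>Full URL of the discovery document that was downloaded (authority + "/.well-known/openid-configuration").</summary>
        public string EndPoint { get; }
        /// <summary>The <c>issuer</c> advertised by the document. Compare it with the authority you configured before trusting the endpoints below.</summary>
        public string Issuer { get; }
        public string jwks_uri { get; }
        public string authorization_endpoint { get; }
        public string token_endpoint { get; }
        public string userinfo_endpoint { get; }
        public string end_session_endpoint { get; }
        public string check_session_iframe { get; }
        // The next three are not first-class members of OpenIdConnectConfiguration; they are read
        // from AdditionalData and remain null when the provider does not publish them.
        public string revocation_endpoint { get; }
        public string introspection_endpoint { get; }
        public string device_authorization_endpoint { get; }

        public ICollection<string> scopes_supported { get; }
        public ICollection<string> claims_supported { get; }
        public ICollection<string> IdTokenSigningAlgValuesSupported { get; }
        public ICollection<string> ResponseModesSupported { get; }
        public ICollection<string> ResponseTypesSupported { get; }
        public ICollection<string> GrantTypesSupported { get; }

        /// <summary>
        /// Downloads and parses the token service's openid-configuration document.
        /// Written by Tore Nestenius, https://www.tn-data.se
        /// </summary>
        /// <param name="endpoint">Base URL (authority) of the identity provider. A trailing slash is tolerated.</param>
        /// <exception cref="ArgumentException">Thrown when <paramref name="endpoint"/> is null or blank.</exception>
        /// <remarks>
        /// The document is fetched synchronously because this runs inside a constructor, so create the
        /// instance once at startup rather than per request. Failures from the download surface as the
        /// underlying exception (not an <see cref="AggregateException"/>). The default document retriever
        /// requires an HTTPS metadata address; keep that requirement, because every endpoint exposed by this
        /// class is trusted on the strength of this single download.
        /// </remarks>
        public OpenIDSettings(string endpoint)
        {
            if (string.IsNullOrWhiteSpace(endpoint))
            {
                throw new ArgumentException("The identity provider endpoint must be supplied.", nameof(endpoint));
            }

            // Avoid "https://idp//.well-known/..." when the caller passes an authority with a trailing slash.
            EndPoint = $"{endpoint.TrimEnd('/')}/.well-known/openid-configuration";

            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(
                                           metadataAddress: EndPoint,
                                           configRetriever: new OpenIdConnectConfigurationRetriever());

            // If you get an exception here, then your Identity Server is not running or reachable.
            // GetAwaiter().GetResult() rethrows the original exception instead of wrapping it in an
            // AggregateException the way .Result does; it still blocks the calling thread.
            var document = configurationManager.GetConfigurationAsync().GetAwaiter().GetResult();

            Issuer = document.Issuer;
            jwks_uri = document.JwksUri;
            authorization_endpoint = document.AuthorizationEndpoint;
            token_endpoint = document.TokenEndpoint;
            userinfo_endpoint = document.UserInfoEndpoint;
            end_session_endpoint = document.EndSessionEndpoint;
            check_session_iframe = document.CheckSessionIframe;

            scopes_supported = document.ScopesSupported;
            claims_supported = document.ClaimsSupported;
            IdTokenSigningAlgValuesSupported = document.IdTokenSigningAlgValuesSupported;
            ResponseModesSupported = document.ResponseModesSupported;
            ResponseTypesSupported = document.ResponseTypesSupported;
            GrantTypesSupported = document.GrantTypesSupported;

            revocation_endpoint = ReadAdditionalString(document.AdditionalData, "revocation_endpoint");
            introspection_endpoint = ReadAdditionalString(document.AdditionalData, "introspection_endpoint");
            device_authorization_endpoint = ReadAdditionalString(document.AdditionalData, "device_authorization_endpoint");
        }

        /// <summary>
        /// Reads an optional string-valued entry from the document's extension data.
        /// </summary>
        /// <param name="additionalData">The <c>AdditionalData</c> dictionary of the parsed document; may be null.</param>
        /// <param name="key">The JSON member name to look up.</param>
        /// <returns>The value, or null when the key is absent or its value is not a string.</returns>
        private static string ReadAdditionalString(IDictionary<string, object> additionalData, string key)
        {
            object value;
            if (additionalData == null || !additionalData.TryGetValue(key, out value))
            {
                return null;
            }

            // A provider may publish the key with an unexpected JSON type; 'as' yields null instead of
            // the InvalidCastException a hard (string) cast would throw.
            return value as string;
        }
    }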
}

It uses the Microsoft.IdentityModel.Protocols.OpenIdConnect package.
