Reworked code around signing keys have key details much more isolated from the other parts of the program.

2026-02-21 20:15:46 +01:00 · 2026-02-21 20:15:46 +01:00 · 0c6f227049
commit 0c6f227049
parent eb872a4f44
40 changed files with 474 additions and 281 deletions
--- a/IdentityShroud.Api/Apis/OpenIdEndpoints.cs
+++ b/IdentityShroud.Api/Apis/OpenIdEndpoints.cs
@ -0,0 +1,72 @@
+using IdentityShroud.Api.Mappers;
+using IdentityShroud.Core.Contracts;
+using IdentityShroud.Core.Messages;
+using IdentityShroud.Core.Model;
+using Microsoft.AspNetCore.Http.HttpResults;
+using Microsoft.AspNetCore.Mvc;
+
+namespace IdentityShroud.Api;
+
+public static class OpenIdEndpoints
+{
+    // openid: auth/realms/{realmSlug}/.well-known/openid-configuration
+    // openid: auth/realms/{realmSlug}/openid-connect/(auth|token|jwks)
+    
+    
+    public static void MapEndpoints(this IEndpointRouteBuilder erp)
+    {
+        var realmsGroup = erp.MapGroup("/auth/realms");
+        
+        var realmSlugGroup = realmsGroup.MapGroup("{realmSlug}")
+            .AddEndpointFilter<RealmSlugValidationFilter>();
+        realmSlugGroup.MapGet(".well-known/openid-configuration", GetOpenIdConfiguration);
+
+        var openidConnect = realmSlugGroup.MapGroup("openid-connect");
+        openidConnect.MapPost("auth", OpenIdConnectAuth);
+        openidConnect.MapPost("token", OpenIdConnectToken);
+        openidConnect.MapGet("jwks", OpenIdConnectJwks);
+    }
+    
+    private static async Task<JsonHttpResult<OpenIdConfiguration>> GetOpenIdConfiguration(
+        string realmSlug,
+        [FromServices]IRealmService realmService,
+        HttpContext context)
+    {
+        Realm realm = context.GetValidatedRealm();
+        
+        var s = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.Path}";
+        var searchString = $"realms/{realmSlug}";
+        int index = s.IndexOf(searchString, StringComparison.OrdinalIgnoreCase);
+        string baseUri = s.Substring(0, index + searchString.Length);
+
+        return TypedResults.Json(new OpenIdConfiguration()
+        {
+            AuthorizationEndpoint = baseUri + "/openid-connect/auth",
+            TokenEndpoint = baseUri + "/openid-connect/token",
+            Issuer =  baseUri,
+            JwksUri =  baseUri + "/openid-connect/jwks",
+        }, AppJsonSerializerContext.Default.OpenIdConfiguration);
+    }
+
+    private static async Task<Results<Ok<JsonWebKeySet>, BadRequest>> OpenIdConnectJwks(
+        string realmSlug,
+        [FromServices]IRealmService realmService,
+        [FromServices]KeyMapper keyMapper,
+        HttpContext context)
+    {
+        Realm realm = context.GetValidatedRealm();
+        await realmService.LoadActiveKeys(realm);
+        return TypedResults.Ok(keyMapper.KeyListToJsonWebKeySet(realm.Keys));
+    }
+
+    private static Task OpenIdConnectToken(HttpContext context)
+    {
+        throw new NotImplementedException();
+    }
+
+    private static Task OpenIdConnectAuth(HttpContext context)
+    {
+        throw new NotImplementedException();
+    }
+
+}