Miscelanious trials

2026-02-06 19:58:01 +01:00 · 2026-02-06 19:58:01 +01:00 · f99c97f392
commit f99c97f392
33 changed files with 881 additions and 0 deletions
--- a/IdentityShroud.Core/Messages/JsonWebKey.cs
+++ b/IdentityShroud.Core/Messages/JsonWebKey.cs
@ -0,0 +1,34 @@
+using System.Text.Json.Serialization;
+
+namespace IdentityShroud.Core.Messages;
+
+public class JsonWebKey
+{
+    [JsonPropertyName("kty")]
+    public string KeyType { get; set; } = "RSA";
+    
+    [JsonPropertyName("use")]
+    public string Use { get; set; } = "sig"; // "sig" for signature, "enc" for encryption
+    
+    [JsonPropertyName("alg")]
+    public string Algorithm { get; set; } = "RS256";
+    
+    [JsonPropertyName("kid")]
+    public string KeyId { get; set; }
+    
+    // RSA Public Key Components
+    [JsonPropertyName("n")]
+    public string Modulus { get; set; }
+    
+    [JsonPropertyName("e")]
+    public string Exponent { get; set; }
+    
+    // Optional fields
+    [JsonPropertyName("x5c")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public List<string> X509CertificateChain { get; set; }
+    
+    [JsonPropertyName("x5t")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string X509CertificateThumbprint { get; set; }    
+}
--- a/IdentityShroud.Core/Messages/JsonWebKeySet.cs
+++ b/IdentityShroud.Core/Messages/JsonWebKeySet.cs
@ -0,0 +1,9 @@
+using System.Text.Json.Serialization;
+
+namespace IdentityShroud.Core.Messages;
+
+public class JsonWebKeySet
+{
+    [JsonPropertyName("keys")]
+    public List<JsonWebKey> Keys { get; set; } = new List<JsonWebKey>();
+}
--- a/IdentityShroud.Core/Messages/JsonWebToken.cs
+++ b/IdentityShroud.Core/Messages/JsonWebToken.cs
@ -0,0 +1,39 @@
+using System.Text.Json.Serialization;
+
+namespace IdentityShroud.Core.Messages;
+
+public class JsonWebTokenHeader
+{
+    [JsonPropertyName("alg")]
+    public string Algorithm { get; set; } = "HS256";
+    [JsonPropertyName("typ")]
+    public string Type { get; set; } = "JWT";
+    [JsonPropertyName("kid")]
+    public string KeyId { get; set; }
+
+}
+
+public class JsonWebTokenPayload
+{
+    [JsonPropertyName("iss")]
+    public string Issuer { get; set; }
+    [JsonPropertyName("aud")]
+    public string[] Audience { get; set; }
+    [JsonPropertyName("sub")]
+    public string Subject { get; set; }
+    [JsonPropertyName("exp")]
+    public long Expires { get; set; }
+    [JsonPropertyName("iat")]
+    public long IssuedAt { get; set; }
+    [JsonPropertyName("nbf")]
+    public long NotBefore { get; set; }
+    [JsonPropertyName("jti")]
+    public Guid JwtId { get; set; } 
+}
+
+public class JsonWebToken
+{
+    public JsonWebTokenHeader Header { get; set; } = new();
+    public JsonWebTokenPayload Payload { get; set; } = new();
+    public byte[] Signature { get; set; } = [];
+}
--- a/IdentityShroud.Core/Messages/OpenIdConfiguration.cs
+++ b/IdentityShroud.Core/Messages/OpenIdConfiguration.cs
@ -0,0 +1,72 @@
+using System.Text.Json.Serialization;
+
+namespace IdentityShroud.Core.Messages;
+
+/// <summary>
+/// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
+/// </summary>
+public class OpenIdConfiguration
+{
+    /// <summary>
+    /// REQUIRED. URL using the https scheme with no query or fragment components that the OP asserts as its
+    /// Issuer Identifier. If Issuer discovery is supported (see Section 2), this value MUST be identical to the
+    /// issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued
+    /// from this Issuer.
+    /// </summary>
+    [JsonPropertyName("issuer")]
+    public required string Issuer { get; set; }
+    /// <summary>
+    /// REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint [OpenID.Core]. This URL MUST use the https scheme
+    /// and MAY contain port, path, and query parameter components.
+    /// </summary>
+    [JsonPropertyName("authorization_endpoint")]
+    public required string AuthorizationEndpoint { get; set; }
+    /// <summary>
+    /// URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is used.
+    /// This URL MUST use the https scheme and MAY contain port, path, and query parameter components.
+    /// </summary>
+    [JsonPropertyName("token_endpoint")]
+    public string? TokenEndpoint { get; set; }
+    /// <summary>
+    /// RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Core]. This URL MUST use the https scheme and MAY contain
+    /// port, path, and query parameter components.
+    /// </summary>
+    [JsonPropertyName("userinfo_endpoint")]
+    public string? UserInfoEndpoint { get; set; }
+
+    /// <summary>
+    /// REQUIRED. URL of the OP's JWK Set [JWK] document, which MUST use the https scheme. This contains the signing
+    /// key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption
+    /// key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made
+    /// available, a use (public key use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate
+    /// each key's intended usage. Although some algorithms allow the same key to be used for both signatures and
+    /// encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide
+    /// X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match
+    /// those in the certificate. The JWK Set MUST NOT contain private or symmetric key values.
+    /// </summary>
+    [JsonPropertyName("jwks_uri")]
+    public required string JwksUri { get; set; }
+
+    /// <summary>
+    /// REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic
+    /// OpenID Providers MUST support the code, id_token, and the id_token token Response Type values.
+    /// </summary>
+    [JsonPropertyName("response_types_supported")]
+    public string[] ResponseTypesSupported { get; set; } = [ "code", "id_token", "id_token token"];
+
+    /// <summary>
+    /// REQUIRED. JSON array containing a list of the Subject Identifier types that this OP supports. Valid types
+    /// include pairwise and public.
+    /// </summary>
+    [JsonPropertyName("subject_types_supported")]
+    public string[] SubjectTypesSupported { get; set; } = [ "public" ];
+
+    /// <summary>
+    /// REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the
+    /// ID Token to encode the Claims in a JWT [JWT]. The algorithm RS256 MUST be included. The value none MAY be
+    /// supported but MUST NOT be used unless the Response Type used returns no ID Token from the Authorization
+    /// Endpoint (such as when using the Authorization Code Flow).
+    /// </summary>
+    [JsonPropertyName("id_token_signing_alg_values_supported")]
+    public string[] IdTokenSigningAlgValuesSupported { get; set; } = [ "RS256" ];
+}