using System.Text.Json.Serialization;
namespace IdentityShroud.Core.Messages;
///
/// https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata
///
public class OpenIdConfiguration
{
///
/// REQUIRED. URL using the https scheme with no query or fragment components that the OP asserts as its
/// Issuer Identifier. If Issuer discovery is supported (see Section 2), this value MUST be identical to the
/// issuer value returned by WebFinger. This also MUST be identical to the iss Claim value in ID Tokens issued
/// from this Issuer.
///
[JsonPropertyName("issuer")]
public required string Issuer { get; set; }
///
/// REQUIRED. URL of the OP's OAuth 2.0 Authorization Endpoint [OpenID.Core]. This URL MUST use the https scheme
/// and MAY contain port, path, and query parameter components.
///
[JsonPropertyName("authorization_endpoint")]
public required string AuthorizationEndpoint { get; set; }
///
/// URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Core]. This is REQUIRED unless only the Implicit Flow is used.
/// This URL MUST use the https scheme and MAY contain port, path, and query parameter components.
///
[JsonPropertyName("token_endpoint")]
public string? TokenEndpoint { get; set; }
///
/// RECOMMENDED. URL of the OP's UserInfo Endpoint [OpenID.Core]. This URL MUST use the https scheme and MAY contain
/// port, path, and query parameter components.
///
[JsonPropertyName("userinfo_endpoint")]
public string? UserInfoEndpoint { get; set; }
///
/// REQUIRED. URL of the OP's JWK Set [JWK] document, which MUST use the https scheme. This contains the signing
/// key(s) the RP uses to validate signatures from the OP. The JWK Set MAY also contain the Server's encryption
/// key(s), which are used by RPs to encrypt requests to the Server. When both signing and encryption keys are made
/// available, a use (public key use) parameter value is REQUIRED for all keys in the referenced JWK Set to indicate
/// each key's intended usage. Although some algorithms allow the same key to be used for both signatures and
/// encryption, doing so is NOT RECOMMENDED, as it is less secure. The JWK x5c parameter MAY be used to provide
/// X.509 representations of keys provided. When used, the bare key values MUST still be present and MUST match
/// those in the certificate. The JWK Set MUST NOT contain private or symmetric key values.
///
[JsonPropertyName("jwks_uri")]
public required string JwksUri { get; set; }
///
/// REQUIRED. JSON array containing a list of the OAuth 2.0 response_type values that this OP supports. Dynamic
/// OpenID Providers MUST support the code, id_token, and the id_token token Response Type values.
///
[JsonPropertyName("response_types_supported")]
public string[] ResponseTypesSupported { get; set; } = [ "code", "id_token", "id_token token"];
///
/// REQUIRED. JSON array containing a list of the Subject Identifier types that this OP supports. Valid types
/// include pairwise and public.
///
[JsonPropertyName("subject_types_supported")]
public string[] SubjectTypesSupported { get; set; } = [ "public" ];
///
/// REQUIRED. JSON array containing a list of the JWS signing algorithms (alg values) supported by the OP for the
/// ID Token to encode the Claims in a JWT [JWT]. The algorithm RS256 MUST be included. The value none MAY be
/// supported but MUST NOT be used unless the Response Type used returns no ID Token from the Authorization
/// Endpoint (such as when using the Authorization Code Flow).
///
[JsonPropertyName("id_token_signing_alg_values_supported")]
public string[] IdTokenSigningAlgValuesSupported { get; set; } = [ "RS256" ];
}