IdentityShroud/IdentityShroud.Api/Apis/OpenIdEndpoints.cs

using IdentityShroud.Api.Mappers;
using IdentityShroud.Core.Contracts;
using IdentityShroud.Core.Messages;
using IdentityShroud.Core.Model;
using Microsoft.AspNetCore.Http.HttpResults;
using Microsoft.AspNetCore.Mvc;

namespace IdentityShroud.Api;

public static class OpenIdEndpoints
{
    // openid: auth/realms/{realmSlug}/.well-known/openid-configuration
    // openid: auth/realms/{realmSlug}/openid-connect/(auth|token|jwks)
    
    
    public static void MapEndpoints(this IEndpointRouteBuilder erp)
    {
        var realmsGroup = erp.MapGroup("/auth/realms");
        
        var realmSlugGroup = realmsGroup.MapGroup("{realmSlug}")
            .AddEndpointFilter<RealmSlugValidationFilter>();
        realmSlugGroup.MapGet(".well-known/openid-configuration", GetOpenIdConfiguration);

        var openidConnect = realmSlugGroup.MapGroup("openid-connect");
        openidConnect.MapPost("auth", OpenIdConnectAuth);
        openidConnect.MapPost("token", OpenIdConnectToken);
        openidConnect.MapGet("jwks", OpenIdConnectJwks);
    }
    
    private static async Task<JsonHttpResult<OpenIdConfiguration>> GetOpenIdConfiguration(
        string realmSlug,
        [FromServices]IRealmService realmService,
        HttpContext context)
    {
        Realm realm = context.GetValidatedRealm();
        
        var s = $"{context.Request.Scheme}://{context.Request.Host}{context.Request.Path}";
        var searchString = $"realms/{realmSlug}";
        int index = s.IndexOf(searchString, StringComparison.OrdinalIgnoreCase);
        string baseUri = s.Substring(0, index + searchString.Length);

        return TypedResults.Json(new OpenIdConfiguration()
        {
            AuthorizationEndpoint = baseUri + "/openid-connect/auth",
            TokenEndpoint = baseUri + "/openid-connect/token",
            Issuer =  baseUri,
            JwksUri =  baseUri + "/openid-connect/jwks",
        }, AppJsonSerializerContext.Default.OpenIdConfiguration);
    }

    private static async Task<Results<Ok<JsonWebKeySet>, BadRequest>> OpenIdConnectJwks(
        string realmSlug,
        [FromServices]IRealmService realmService,
        [FromServices]KeyMapper keyMapper,
        HttpContext context)
    {
        Realm realm = context.GetValidatedRealm();
        await realmService.LoadActiveKeys(realm);
        return TypedResults.Ok(keyMapper.KeyListToJsonWebKeySet(realm.Keys));
    }

    private static Task OpenIdConnectToken(HttpContext context)
    {
        throw new NotImplementedException();
    }

    private static Task OpenIdConnectAuth(HttpContext context)
    {
        throw new NotImplementedException();
    }

}