-
Notifications
You must be signed in to change notification settings - Fork 218
/
MicrosoftIdentityIssuerValidatorFactory.cs
85 lines (75 loc) · 3.83 KB
/
MicrosoftIdentityIssuerValidatorFactory.cs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
using System;
using System.Collections.Concurrent;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using Microsoft.Extensions.Options;
using Microsoft.Identity.Web.InstanceDiscovery;
using Microsoft.IdentityModel.Protocols;
namespace Microsoft.Identity.Web.Resource
{
/// <summary>
/// Factory class for creating the IssuerValidator per authority.
/// </summary>
public class MicrosoftIdentityIssuerValidatorFactory
{
/// <summary>
/// Initializes a new instance of the <see cref="MicrosoftIdentityIssuerValidatorFactory"/> class.
/// </summary>
/// <param name="aadIssuerValidatorOptions">Options passed-in to create the AadIssuerValidator object.</param>
/// <param name="httpClientFactory">HttpClientFactory.</param>
public MicrosoftIdentityIssuerValidatorFactory(
IOptions<AadIssuerValidatorOptions> aadIssuerValidatorOptions,
IHttpClientFactory httpClientFactory)
{
if (aadIssuerValidatorOptions?.Value?.HttpClientName != null && httpClientFactory != null)
{
_configManager =
new ConfigurationManager<IssuerMetadata>(
Constants.AzureADIssuerMetadataUrl,
new IssuerConfigurationRetriever(),
httpClientFactory.CreateClient(aadIssuerValidatorOptions.Value.HttpClientName));
}
else
{
_configManager =
new ConfigurationManager<IssuerMetadata>(
Constants.AzureADIssuerMetadataUrl,
new IssuerConfigurationRetriever());
}
}
private readonly IDictionary<string, AadIssuerValidator> _issuerValidators = new ConcurrentDictionary<string, AadIssuerValidator>();
private readonly ConfigurationManager<IssuerMetadata> _configManager;
/// <summary>
/// Gets an <see cref="AadIssuerValidator"/> for an authority.
/// </summary>
/// <param name="aadAuthority">The authority to create the validator for, e.g. https://login.microsoftonline.com/. </param>
/// <returns>A <see cref="AadIssuerValidator"/> for the aadAuthority.</returns>
/// <exception cref="ArgumentNullException">if <paramref name="aadAuthority"/> is null or empty.</exception>
public AadIssuerValidator GetAadIssuerValidator(string aadAuthority)
{
if (string.IsNullOrEmpty(aadAuthority))
{
throw new ArgumentNullException(nameof(aadAuthority));
}
Uri.TryCreate(aadAuthority, UriKind.Absolute, out Uri? authorityUri);
string authorityHost = authorityUri?.Authority ?? new Uri(Constants.FallbackAuthority).Authority;
if (_issuerValidators.TryGetValue(authorityHost, out AadIssuerValidator? aadIssuerValidator))
{
return aadIssuerValidator;
}
// In the constructor, we hit the Azure AD issuer metadata endpoint and cache the aliases. The data is cached for 24 hrs.
IssuerMetadata issuerMetadata = _configManager.GetConfigurationAsync().ConfigureAwait(false).GetAwaiter().GetResult();
// Add issuer aliases of the chosen authority to the cache
IEnumerable<string> aliases = issuerMetadata.Metadata
.Where(m => m.Aliases.Any(a => string.Equals(a, authorityHost, StringComparison.OrdinalIgnoreCase)))
.SelectMany(m => m.Aliases)
.Append(authorityHost) // For B2C scenarios, the alias will be the authority itself
.Distinct();
_issuerValidators[authorityHost] = new AadIssuerValidator(aliases);
return _issuerValidators[authorityHost];
}
}
}