private async Task CreateTokenValidationParameters()

in Application/Communication/ImageRecognition.Communication.Functions/Functions.cs [134:167]


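        /// <summary>
        /// Builds the <see cref="TokenValidationParameters"/> used to validate Cognito-issued JWTs.
        /// User pool settings are read from SSM Parameter Store under "/ImageRecognition", and the
        /// issuer's signing keys are fetched from the pool's OpenID Connect discovery document.
        /// </summary>
        /// <param name="context">Lambda context; only its logger is used here.</param>
        /// <returns>Validation parameters pinned to the configured pool's issuer, audience and signing keys.</returns>
        /// <exception cref="InvalidOperationException">
        /// Thrown when "AWS:UserPoolId" or "AWS:UserPoolClientId" is missing or blank. Without this guard an
        /// empty value would yield a malformed issuer URL or a null audience, failing late or opaquely.
        /// </exception>
        private async Task<TokenValidationParameters> CreateTokenValidationParameters(ILambdaContext context)
        {
            context.Logger.LogLine("Loading user pool configuration from SSM Parameter Store.");
            var configuration = new ConfigurationBuilder()
                .AddSystemsManager("/ImageRecognition")
                .Build();

            // Region is optional: fall back to the environment's region when not configured explicitly.
            var region = configuration["AWS:Region"];
            if (string.IsNullOrEmpty(region)) region = FallbackRegionFactory.GetRegionEndpoint().SystemName;

            // Pool id and client id are mandatory: they pin the issuer and audience checks, so fail fast
            // instead of building parameters that either throw inside discovery or accept no token.
            var userPoolId = configuration["AWS:UserPoolId"];
            if (string.IsNullOrWhiteSpace(userPoolId))
            {
                throw new InvalidOperationException("Configuration value 'AWS:UserPoolId' is missing or empty.");
            }

            var userPoolClientId = configuration["AWS:UserPoolClientId"];
            if (string.IsNullOrWhiteSpace(userPoolClientId))
            {
                throw new InvalidOperationException("Configuration value 'AWS:UserPoolClientId' is missing or empty.");
            }

            context.Logger.LogLine("Configuring JWT Validation parameters");

            // The issuer is the pool's Cognito endpoint; its discovery document lives under /.well-known.
            var validIssuer = $"https://cognito-idp.{region}.amazonaws.com/{userPoolId}";
            var openIdConfigurationUrl = $"{validIssuer}/.well-known/openid-configuration";

            // NOTE(review): a fresh ConfigurationManager per call discards the library's key cache and
            // refresh handling; if this method runs per request, consider hoisting it to a static field.
            var configurationManager = new ConfigurationManager<OpenIdConnectConfiguration>(openIdConfigurationUrl,
                new OpenIdConnectConfigurationRetriever());

            context.Logger.LogLine($"Loading open id configuration from {openIdConfigurationUrl}");
            var openIdConfig = await configurationManager.GetConfigurationAsync();

            context.Logger.LogLine($"Valid Issuer: {validIssuer}");
            context.Logger.LogLine($"Valid Audiences: {userPoolClientId}");

            return new TokenValidationParameters
            {
                // Issuer, audience and lifetime validation are the library defaults; they are stated
                // explicitly so the checks this method relies on are visible rather than implied.
                ValidateIssuer = true,
                ValidIssuer = validIssuer,
                ValidateAudience = true,
                // NOTE(review): Cognito access tokens carry the client id in "client_id" rather than "aud",
                // so audience validation as configured here suits ID tokens; confirm which token type
                // callers present before relying on this check for access tokens.
                ValidAudiences = new[] {userPoolClientId},
                ValidateLifetime = true,
                IssuerSigningKeys = openIdConfig.SigningKeys
            };
        }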