ÿØÿà JFIF 

  
 
  ÿÛ „ 	 ( %"1!%)+...383,7(-.+




-+++--++++---+-+-----+---------------+---+-++7-----ÿÀ  ß â
" 

ÿÄ   

           
 ÿÄ H 
     
 !1AQaq"‘¡2B±ÁÑð#R“Ò Tbr‚²á3csƒ’ÂñDS¢³$CÿÄ 
 


            
ÿÄ %

 
       
!1AQa"23‘ÿÚ 
  ? ôÿ ¨pŸªáÿ —åYõõ\?àÒü©ŠÄï¨pŸªáÿ —åYõõ\?àÓü©ŠÄá 0Ÿªáÿ Ÿå[úƒ	ú®ði~TÁb
qÐ8OÕpÿ ƒOò¤Oè`–RÂáœá™êi€ßÉ< FtŸI“öÌ8úDf´°å}“¾œ6
öFá°y¥jñÇh†ˆ¢ã/ÃÐ:ªcÈ
"Y¡ðÑl>ÿ ”ÏËte:qž\oäŠe÷󲍷˜HT4&ÿ ÓÐü6ö®¿øþßèô	Ÿ•7Ñi’•j|“ñì>b…þS?*Óôÿ ÓÐü*h¥£ír¶ü UãSç‚Ÿ[AÐaè[ûª•õ&õj?†Éö+EzP—WeÒírJFt	‘BŒ†Ï‡%#tE Øz ¥OÛ«!1›üä±Í™%º<!vB™'èÔ6´Ña¿«e`Àà0U[-ÂБ4)M÷YK*³hï÷%ÎÎkÇ«m‘-íWŽLsã?nÂ~«†üö®þ¡ÂlÃaÿ ‰ÿ l©°Õ¥ åÜá¿r ºL[Çâ°(Çè'Vãôl8´ÏRÀvLvPõ:…ÙNçF™÷ë>Íãö]°î(–:@<‹ŒÊö×òÆt¦ãº+‡¦%ÌÁ²h´OƒJŒtMÜ>ÀÜÊw3
Y´•牋4ǍýʏTì>œú=Íwhyë,¾Ôò×õ¿ßÊa»«þˆѪQ|%6ž™A	õ%:øj<>É—ÿ Å_ˆCbõ¥š±ý¯Ýƒï…¶|RëócÍf溪“t.СøTÿ *Ä¿-{†çàczůŽ_–^XþŒ±miB[X±d 1,é”zEù»&
î9gœf™9Ð'.;—™i}!ôšåîqêÛ٤ёý£½ÆA–àôe"A$˝Úsäÿ 
÷Û	#°xŸëí(l
	 »ý3—¥5m!
rt`†0~'j2(]S¦¦kv,ÚÇl¦øJA£Šƒ
J3E8ÙiŽ:cÉžúeZ°€¯\®kÖ(79«Ž:¯X”¾³Š&¡* ….‰Ž(ÜíŸ2¥ª‡×Hi²TF¤ò[¨íÈRëÉ䢍mgÑ.Ÿ<öäS0í„ǹÁU´f#Vß;Õ–…P@3ío<ä-±»Ž.L|kªÀê›fÂ6@»eu‚|ÓaÞÆŸ…¨ááå>åŠ?cKü6ùTÍÆ”†sĤÚ;H2RÚ†õ\Ö·Ÿn'¾ ñ#ºI¤Å´%çÁ­‚â7›‹qT3Iï¨Ö
Ú5I7Ë!ÅOóŸ¶øÝñØôת¦$Tcö‘[«Ö³šÒ';Aþ ¸èíg
A2Z
"i¸vdÄ÷.iõ®§)¿]¤À†–‡É&ä{V¶iŽ”.Ó×Õÿ û?h¬Mt–íª[ÿ Ñÿ ÌV(í}=ibÔ¡›¥¢±b
 Lô¥‡piη_Z<‡z§èŒ)iÖwiÇ 2hÙ3·=’d÷8éŽ1¦¸c¤µ€7›7Ø	ð\á)}	¹fËí›pAÃL%âc2 í§æQz¿;T8sæ°qø)QFMð‰XŒÂ±
N¢aF¨…8¯!U		Z©RÊ ÖPVÄÀÍin™Ì-GˆªÅËŠ›•zË}º±ŽÍFò¹}Uw×#ä5B¤{î}Ð<ÙD
é©¤&‡ïDbàÁôMÁ.<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

namespace core\oauth2\discovery;

use core\http_client;
use GuzzleHttp\Exception\ClientException;

/**
 * Simple reader class, allowing OAuth 2 Authorization Server Metadata to be read from an auth server's well-known.
 *
 * {@link https://www.rfc-editor.org/rfc/rfc8414}
 *
 * @package    core
 * @copyright  2023 Jake Dallimore <jrhdallimore@gmail.com>
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class auth_server_config_reader {

    /** @var \stdClass the config object read from the discovery document. */
    protected \stdClass $metadata;

    /** @var \moodle_url the base URL for the auth server which was last used during a read.*/
    protected \moodle_url $issuerurl;

    /**
     * Constructor.
     *
     * @param http_client $httpclient an http client instance.
     * @param string $wellknownsuffix the well-known suffix, defaulting to 'oauth-authorization-server'.
     */
    public function __construct(protected http_client $httpclient,
        protected string $wellknownsuffix = 'oauth-authorization-server') {
    }

    /**
     * Read the metadata from the remote host.
     *
     * @param \moodle_url $issuerurl the auth server issuer URL.
     * @return \stdClass the configuration data object.
     * @throws ClientException|\GuzzleHttp\Exception\GuzzleException if the http client experiences any problems.
     */
    public function read_configuration(\moodle_url $issuerurl): \stdClass {
        $this->issuerurl = $issuerurl;
        $this->validate_uri();

        $url = $this->get_configuration_url()->out(false);
        $response = $this->httpclient->request('GET', $url);
        $this->metadata = json_decode($response->getBody());
        return $this->metadata;
    }

    /**
     * Make sure the base URI is suitable for use in discovery.
     *
     * @return void
     * @throws \moodle_exception if the URI fails validation.
     */
    protected function validate_uri() {
        if (!empty($this->issuerurl->get_query_string())) {
            throw new \moodle_exception('Error: '.__METHOD__.': Auth server base URL cannot contain a query component.');
        }
        if (strtolower($this->issuerurl->get_scheme()) !== 'https') {
            throw new \moodle_exception('Error: '.__METHOD__.': Auth server base URL must use HTTPS scheme.');
        }
        // This catches URL fragments. Since a query string is ruled out above, out_omit_querystring(false) returns only fragments.
        if ($this->issuerurl->out_omit_querystring() != $this->issuerurl->out(false)) {
            throw new \moodle_exception('Error: '.__METHOD__.': Auth server base URL must not contain fragments.');
        }
    }

    /**
     * Get the Auth server metadata URL.
     *
     * Per {@link https://www.rfc-editor.org/rfc/rfc8414#section-3}, if the issuer URL contains a path component,
     * the well known suffix is added between the host and path components.
     *
     * @return \moodle_url the full URL to the auth server metadata.
     */
    protected function get_configuration_url(): \moodle_url {
        $path = $this->issuerurl->get_path();
        if (!empty($path) && $path !== '/') {
            // Insert the well known suffix between the host and path components.
            $port = $this->issuerurl->get_port() ? ':'.$this->issuerurl->get_port() : '';
            $uri = $this->issuerurl->get_scheme() . "://" . $this->issuerurl->get_host() . $port ."/".
                ".well-known/" . $this->wellknownsuffix . $path;
        } else {
            // No path, just append the well known suffix.
            $uri = $this->issuerurl->out(false);
            $uri .= (substr($uri, -1) == '/' ? '' : '/');
            $uri .= ".well-known/$this->wellknownsuffix";
        }

        return new \moodle_url($uri);
    }
}