+ ctx.errors.push(`Unable to understand the authorization endpoint ('${profile.metadata.authorizationEndpoint}') indicated by that profile ('${me}') as a URL.`);
+ }
+
+ if (profile.metadata.issuer) {
+ // Validate issuer
+ try {
+ const issuer = new URL(profile.metadata.issuer);
+ if (issuer.hash
+ || issuer.search
+ || issuer.protocol.toLowerCase() !== 'https:') { // stupid URL trailing colon thing
+ this.logger.debug(_scope, 'supplied issuer url invalid', { ctx });
+ ctx.errors.push('Authorization server provided an invalid issuer field.');
+ }
+ } catch (e) {
+ this.logger.debug(_scope, 'failed to parse supplied issuer url', { ctx });
+ ctx.errors.push('Authorization server provided an unparsable issuer field.');
+ }
+ } else {
+ this.logger.debug(_scope, 'no issuer in metadata, assuming legacy mode', { ctx });
+ // Strict 20220212 compliance would error here.
+ // ctx.errors.push('Authorization server did not provide issuer field, as required by current specification.');