first round to fix issuer validator w/clouds

src/Microsoft.Identity.Web/Constants/Constants.cs

@@ -70,6 +70,7 @@ public static class Constants
         internal const string AzureADIssuerMetadataUrl = "https://login.microsoftonline.com/common/discovery/instance?authorization_endpoint=https://login.microsoftonline.com/common/oauth2/v2.0/authorize&api-version=1.1";
 #pragma warning restore S1075 // URIs should not be hardcoded
         internal const string FallbackAuthority = "https://login.microsoftonline.com/";
+        internal const string OidcEndpoint = "/.well-known/openid-configuration";
 
         // RegisterValidAudience
         internal const string Version = "ver";

src/Microsoft.Identity.Web/Constants/IDWebErrorMessage.cs

@@ -72,5 +72,6 @@ internal static class IDWebErrorMessage
         public const string InitializeAsyncIsObsolete = "IDW10801: Use Initialize instead. See https://aka.ms/ms-id-web/1.9.0. ";
         public const string ReplyForbiddenWithWwwAuthenticateHeaderAsyncIsObsolete = "IDW10802: Use ReplyForbiddenWithWwwAuthenticateHeader instead. See https://aka.ms/ms-id-web/1.9.0. ";
         public const string FromStoreWithThumprintIsObsolete = "IDW10803: Use FromStoreWithThumbprint instead, due to spelling error. ";
+        public const string AadIssuerValidatorIsObsolete = "IDW10804: Use MicrosoftIdentityIssuerValidator. ";
     }
 }

src/Microsoft.Identity.Web/InstanceDiscovery/IssuerMetadata.cs

@@ -1,7 +1,6 @@
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License.
 
-using System.Collections.Generic;
 using System.Text.Json.Serialization;
 
 namespace Microsoft.Identity.Web.InstanceDiscovery
@@ -12,21 +11,9 @@ namespace Microsoft.Identity.Web.InstanceDiscovery
     internal class IssuerMetadata
     {
         /// <summary>
-        /// Tenant discovery endpoint.
+        /// Issuer associated with the OIDC endpoint.
         /// </summary>
-        [JsonPropertyName(Constants.TenantDiscoveryEndpoint)]
-        public string? TenantDiscoveryEndpoint { get; set; }
-
-        /// <summary>
-        /// API Version.
-        /// </summary>
-        [JsonPropertyName(Constants.ApiVersion)]
-        public string? ApiVersion { get; set; }
-
-        /// <summary>
-        /// List of metadata associated with the endpoint.
-        /// </summary>
-        [JsonPropertyName(Constants.Metadata)]
-        public List<Metadata> Metadata { get; set; } = new List<Metadata>();
+        [JsonPropertyName("issuer")]
+        public string? Issuer { get; set; }
     }
 }

src/Microsoft.Identity.Web/Resource/AadIssuerValidator.cs

@@ -13,6 +13,7 @@ namespace Microsoft.Identity.Web.Resource
     /// <summary>
     /// Generic class that validates token issuer from the provided Azure AD authority.
     /// </summary>
+    [Obsolete(IDWebErrorMessage.AadIssuerValidatorIsObsolete, false)]
     public class AadIssuerValidator
     {
         /// <summary>
@@ -40,7 +41,10 @@ public class AadIssuerValidator
         /// <exception cref="ArgumentNullException"> if <paramref name="securityToken"/> is null.</exception>
         /// <exception cref="ArgumentNullException"> if <paramref name="validationParameters"/> is null.</exception>
         /// <exception cref="SecurityTokenInvalidIssuerException">if the issuer is invalid. </exception>
-        public string Validate(string actualIssuer, SecurityToken securityToken, TokenValidationParameters validationParameters)
+        public string Validate(
+            string actualIssuer,
+            SecurityToken securityToken,
+            TokenValidationParameters validationParameters)
         {
             if (string.IsNullOrEmpty(actualIssuer))
             {