Source code

001package com.nimbusds.openid.connect.provider.spi.par;
002
003
004import net.jcip.annotations.ThreadSafe;
005
006import com.nimbusds.oauth2.sdk.AuthorizationRequest;
007import com.nimbusds.oauth2.sdk.GeneralException;
008
009
010/**
011 * Service Provider Interface (SPI) for performing additional validation of
012 * Pushed Authorisation Requests (PAR).
013 *
014 * <p>The {@link #validate} method will be called after the Connect2id server
015 * has performed standard validation of the OAuth 2.0 authorisation / OpenID
016 * authentication request, such as such as checking the {@code client_id} and
017 * ensuring the client is authorised the use the OAuth 2.0 grant. JWT-secured
018 * authorisation requests (JAR) will be unwrapped / resolved before that.
019 *
020 * <p>The {@link #validate} method can reject the request by throwing a
021 * {@link GeneralException} with an appropriate HTTP status code and error
022 * code. The exception message will be logged and not output to the client.
023 *
024 * <p>Example:
025 *
026 * <pre>
027 * throw new GeneralException("Scope not accepted scope", // will be logged
028 *      OAuth2Error.INVALID_SCOPE
029 *      .setHTTPStatusCode(400)
030 *      .setDescription("Scope not accepted: some_scope"));
031 * </pre>
032 *
033 * The resulting HTTP response:
034 *
035 * <pre>
036 * HTTP/1.1 400 Bad Request
037 * Content-Type: application/json;charset=UTF-8
038 * Cache-Control: no-store
039 * Pragma: no-cache
040 *
041 * {
042 *   "error"             : "invalid_scope",
043 *   "error_description" : "Scope not accepted: some_scope"
044 * }
045 * </pre>
046 *
047 * <p>Implementations must be thread-safe.
048 */
049@ThreadSafe
050public interface PARValidator {
051        
052        
053        /**
054         * Validates the specified OAuth 2.0 authorisation / OpenID
055         * authentication request.
056         *
057         * @param authzRequest The request to perform additional validation on.
058         *                     Not {@code null}.
059         * @param validatorCtx The PAR validator context. Not {@code null}.
060         *
061         * @throws GeneralException If the request is rejected. Should include
062         *                          an appropriate HTTP status code and error
063         *                          code.
064         */
065        void validate(final AuthorizationRequest authzRequest, final ValidatorContext validatorCtx)
066                throws GeneralException;
067}