001package com.nimbusds.openid.connect.provider.spi.reg; 002 003 004import net.jcip.annotations.ThreadSafe; 005 006import com.nimbusds.openid.connect.provider.spi.Lifecycle; 007import com.nimbusds.openid.connect.sdk.rp.OIDCClientMetadata; 008 009 010/** 011 * Service Provider Interface (SPI) for for performing additional validation 012 * and / or shaping of OAuth 2.0 client / OpenID relying party metadata, after 013 * the Connect2id server has completed its own standard validations. The 014 * loaded and {@link #isEnabled() enabled} SPI implementations will be called 015 * (in no particular order) when a new client is registered (via HTTP POST 016 * request) or updated (via HTTP PUT request). 017 * 018 * <p>Implementations must be thread-safe. 019 */ 020@ThreadSafe 021public interface FinalMetadataValidator extends Lifecycle { 022 023 024 /** 025 * Validates the specified OAuth 2.0 client / OpenID relying party 026 * metadata. 027 * 028 * @param metadata The OAuth 2.0 client / OpenID relying party 029 * metadata. Not {@code null}. 030 * @param validatorCtx The validator context. Not {@code null}. 031 * 032 * @return The validated metadata. It may be modified. Must not be 033 * {@code null}. 034 * 035 * @throws InvalidRegistrationException If validation failed. 036 */ 037 OIDCClientMetadata validate(final OIDCClientMetadata metadata, 038 final ValidatorContext validatorCtx) 039 throws InvalidRegistrationException; 040}