@ThreadSafe public interface AuthorizationRequestValidator
The validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and redirect_uri. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that.

The validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method can reject the request by throwing an InvalidAuthorizationRequestException with an appropriate error code and optional description. When the request is rejected the redirection back to the OAuth 2.0 client can also optionally be disabled.
Example:
```java
throw new InvalidAuthorizationRequestException(
	"Scope not accepted", // will be logged
	OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: some_scope"),
	false // redirection not disabled
);
```
Example resulting response:
```
HTTP/1.1 302 Found
Location: https://client.example.com/cb?
 error=invalid_scope
 &error_description=Scope%20not%20accepted%3A%20some_scope
 &state=UeFi0Eu3siPaJahl
```
Implementations must be thread-safe.
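The following is an added example, not code from the Connect2id SDK or its documentation: a validator that rejects code-returning requests lacking PKCE with S256 and limits a sensitive scope to allow-listed clients, keeping only immutable state so it is thread-safe. The class name, the admin scope and the ops-console client ID are hypothetical, and it assumes the SDK version in use requires no further methods to be overridden.

```java
import java.util.Set;

import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.provider.spi.authz.AuthorizationRequestValidator;
import com.nimbusds.openid.connect.provider.spi.authz.InvalidAuthorizationRequestException;
import com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext;

// Hypothetical validator (added example): requires PKCE S256 for code flows
// and limits a sensitive scope to allow-listed clients.
public class StrictRequestValidator implements AuthorizationRequestValidator {

	// Constructed sample policy. Both fields are immutable and the class keeps
	// no per-request state, so concurrent calls are safe.
	private static final String RESTRICTED_SCOPE = "admin";
	private static final Set<String> ALLOWED_CLIENTS = Set.of("ops-console");

	@Override
	public void validateRequest(final AuthorizationRequest authzRequest,
				    final ValidatorContext validatorCtx)
		throws InvalidAuthorizationRequestException {

		// Any response type that returns a code (code or hybrid) needs PKCE S256
		final ResponseType rt = authzRequest.getResponseType();
		if (rt != null && rt.contains(ResponseType.Value.CODE)) {
			if (authzRequest.getCodeChallenge() == null
				|| ! CodeChallengeMethod.S256.equals(authzRequest.getCodeChallengeMethod())) {
				throw new InvalidAuthorizationRequestException(
					"PKCE with S256 required", // will be logged
					OAuth2Error.INVALID_REQUEST.setDescription("PKCE with S256 is required"),
					false); // redirection not disabled
			}
		}

		// The scope parameter is optional in plain OAuth 2.0, so it may be null
		final Scope scope = authzRequest.getScope();
		final String clientID = authzRequest.getClientID().getValue();
		if (scope != null && scope.contains(RESTRICTED_SCOPE)
			&& ! ALLOWED_CLIENTS.contains(clientID)) {
			throw new InvalidAuthorizationRequestException(
				"Restricted scope requested by client " + clientID,
				OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: " + RESTRICTED_SCOPE),
				false);
		}
	}
}
```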
Modifier and Type | Method and Description |
---|---|
void | validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Validates the specified OAuth 2.0 authorisation / OpenID authentication request. |
void validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidAuthorizationRequestException

authzRequest - The request to perform additional validation on. Not null.
validatorCtx - The authorisation request validator context. Not null.
InvalidAuthorizationRequestException - If the request is rejected.

Copyright © 2021 Connect2id Ltd. All rights reserved.