@ThreadSafe public interface PARValidator
The validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and ensuring the client is authorised to use the OAuth 2.0 grant. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that.

The validated request can be returned modified. Modifications should be limited to optional parameters. Parameters such as client_id, response_type, redirect_uri and state must not be modified.

The validate(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method can reject the request by throwing an InvalidPARException with an appropriate HTTP status code and error code. The exception message will be logged and not output to the client.

Example:

    throw new InvalidPARException("Scope not accepted scope", // will be logged
        OAuth2Error.INVALID_SCOPE
            .setHTTPStatusCode(400)
            .setDescription("Scope not accepted: some_scope"));

The resulting HTTP response:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "error" : "invalid_scope",
      "error_description" : "Scope not accepted: some_scope"
    }

Implementations must be thread-safe.
Modifier and Type | Method and Description |
---|---|
default void | validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Deprecated. |
default com.nimbusds.oauth2.sdk.AuthorizationRequest | validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Validates the specified OAuth 2.0 authorisation / OpenID authentication request. |

@Deprecated default void validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws com.nimbusds.oauth2.sdk.GeneralException

Deprecated in v4.28, use validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) instead.

authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The PAR validator context. Not null.
com.nimbusds.oauth2.sdk.GeneralException - If the request is rejected. Should include an appropriate HTTP status and error code.

default com.nimbusds.oauth2.sdk.AuthorizationRequest validateRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidPARException

authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The PAR validator context. Not null.
null.
InvalidPARException - If the request is rejected.

Copyright © 2021 Connect2id Ltd. All rights reserved.