@ThreadSafe public interface AuthorizationRequestValidator extends Lifecycle
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and redirect_uri. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that.
The validated request can be returned modified. Modifications should be limited to optional parameters. Parameters such as client_id, response_type, redirect_uri and state must not be modified.
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method can reject the request by throwing an InvalidAuthorizationRequestException with an appropriate error code and optional description. When the request is rejected the redirection back to the OAuth 2.0 client can also optionally be disabled.
Example:
```java
throw new InvalidAuthorizationRequestException(
        "Scope not accepted", // will be logged
        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: some_scope"),
        false // redirection not disabled
);
```
Example resulting response:
```
HTTP/1.1 302 Found
Location: https://client.example.com/cb?
 error=invalid_scope
 &error_description=Scope%20not%20accepted%3A%20some_scope
 &state=UeFi0Eu3siPaJahl
```
Implementations must be thread-safe.
Modifier and Type | Method and Description |
---|---|
com.nimbusds.oauth2.sdk.AuthorizationRequest | validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Validates the specified OAuth 2.0 authorisation / OpenID authentication request. |
com.nimbusds.oauth2.sdk.AuthorizationRequest validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidAuthorizationRequestException
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The authorisation request validator context. Not null.
null.
InvalidAuthorizationRequestException - If the request is rejected.
Copyright © 2021 Connect2id Ltd. All rights reserved.