Interface AuthorizationRequestValidator
All Superinterfaces: Lifecycle
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and redirect_uri. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that. The original raw request can be obtained from the context.
The validated request can be returned modified. Modifications should be limited to optional parameters. Parameters such as client_id, response_type, redirect_uri and state must not be modified.
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method can reject the request by throwing an InvalidAuthorizationRequestException with an appropriate error code and optional description. When the request is rejected, the redirection back to the OAuth 2.0 client can also optionally be disabled.
Example:

    throw new InvalidAuthorizationRequestException(
        "Scope not accepted", // will be logged
        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: some_scope"),
        false // redirection not disabled
    );

Example resulting response:

    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?
      error=invalid_scope
      &error_description=Scope%20not%20accepted%3A%20some_scope
      &state=UeFi0Eu3siPaJahl

Implementations must be thread-safe.
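
A complete validator built around the rejection shown above, as an added example that is not part of the Connect2id documentation or code base. The class name ScopeDenyListValidator and the deny-list contents are hypothetical, and the example assumes the Lifecycle methods have default implementations.

```java
import java.util.Set;

import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.openid.connect.provider.spi.authz.AuthorizationRequestValidator;
import com.nimbusds.openid.connect.provider.spi.authz.InvalidAuthorizationRequestException;
import com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext;

// Hypothetical validator: rejects requests that ask for a deny-listed scope value.
public final class ScopeDenyListValidator implements AuthorizationRequestValidator {

    // Immutable and never reassigned, so concurrent calls share no mutable state.
    private static final Set<String> DENIED_SCOPE_VALUES = Set.of("some_scope"); // constructed sample value

    @Override
    public AuthorizationRequest validateAuthorizationRequest(
            final AuthorizationRequest authzRequest,
            final ValidatorContext validatorCtx)
            throws InvalidAuthorizationRequestException {

        final Scope scope = authzRequest.getScope(); // null when the request carries no scope
        if (scope != null) {
            for (Scope.Value value : scope) {
                if (DENIED_SCOPE_VALUES.contains(value.getValue())) {
                    throw new InvalidAuthorizationRequestException(
                        "Scope not accepted", // will be logged
                        // setDescription returns a new error object; the shared constant is not mutated
                        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: " + value.getValue()),
                        false // redirection not disabled
                    );
                }
            }
        }
        // Returned unmodified: client_id, response_type, redirect_uri and state stay untouched.
        return authzRequest;
    }
}
```

The description sent to the client only ever contains a value from the validator's own deny-list, since the exception is thrown only on an exact match.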

Method Summary
Modifier and Type: com.nimbusds.oauth2.sdk.AuthorizationRequest
Method: validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
Description: Validates the specified OAuth 2.0 authorisation / OpenID authentication request.

Method Details
validateAuthorizationRequest
com.nimbusds.oauth2.sdk.AuthorizationRequest validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidAuthorizationRequestException
Validates the specified OAuth 2.0 authorisation / OpenID authentication request.
Parameters:
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The authorisation request validator context. Not null.
Returns:
The validated OAuth 2.0 authorisation / OpenID authentication request. It may be modified. Must not be null.
Throws:
InvalidAuthorizationRequestException - If the request is rejected.