Interface AuthorizationRequestValidator
- All Superinterfaces:
Lifecycle
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method will be called after the
Connect2id server has performed standard validation of the OAuth 2.0
authorisation / OpenID authentication request, such as checking the
client_id and redirect_uri. JWT-secured authorisation
requests (JAR) will be unwrapped / resolved before that. The original raw
request can be obtained from the
context.
The validated request can be returned modified. Modifications should be
limited to optional parameters. Parameters such as client_id,
response_type, redirect_uri and state must not be
modified.
The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method can reject the request
by throwing an InvalidAuthorizationRequestException with an
appropriate error code and optional description. When the request is
rejected the redirection back to the OAuth 2.0 client can also optionally be
disabled.
Example:
    throw new InvalidAuthorizationRequestException(
        "Scope not accepted", // will be logged
        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: some_scope"),
        false // redirection not disabled
    );
Example resulting response:
    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?
     error=invalid_scope
     &error_description=Scope%20not%20accepted%3A%20some_scope
     &state=UeFi0Eu3siPaJahl
Implementations must be thread-safe.
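An added example, not part of the Connect2id documentation: a validator that rejects a blocked scope value in the same way as the snippet above and additionally requires PKCE with S256 for code flows. The class name, package, blocked scope set and the PKCE rule are assumptions for illustration; it also assumes the inherited Lifecycle methods have default implementations in the SDK version used and that InvalidAuthorizationRequestException lives in the spi.authz package.

```java
package com.example.authz; // hypothetical package

import java.util.Set;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ResponseType;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.provider.spi.authz.*; // validator SPI types (assumed package)

/** Hypothetical validator: rejects blocked scopes and code flows without PKCE S256. */
public class StrictRequestValidator implements AuthorizationRequestValidator {

    // Only immutable, shared state: safe for concurrent calls, as the SPI requires
    private static final Set<String> BLOCKED_SCOPES = Set.of("some_scope");

    @Override
    public AuthorizationRequest validateAuthorizationRequest(
            AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
            throws InvalidAuthorizationRequestException {

        Scope scope = authzRequest.getScope(); // null if the request carries no scope
        for (String blocked : BLOCKED_SCOPES) {
            if (scope != null && scope.contains(blocked)) {
                throw new InvalidAuthorizationRequestException(
                    "Scope not accepted: " + blocked, // will be logged
                    OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: " + blocked),
                    false); // redirection not disabled, client receives the error
            }
        }

        // Read-only check of optional parameters; nothing in the request is changed
        ResponseType rt = authzRequest.getResponseType();
        boolean codeFlow = rt != null && rt.contains(ResponseType.Value.CODE);
        if (codeFlow && !CodeChallengeMethod.S256.equals(authzRequest.getCodeChallengeMethod())) {
            throw new InvalidAuthorizationRequestException(
                "PKCE with S256 required", // will be logged
                OAuth2Error.INVALID_REQUEST.setDescription("code_challenge_method must be S256"),
                false);
        }

        // client_id, response_type, redirect_uri and state are returned untouched
        return authzRequest;
    }
}
```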
Method Summary
Modifier and Type: com.nimbusds.oauth2.sdk.AuthorizationRequest
Method: validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
Description: Validates the specified OAuth 2.0 authorisation / OpenID authentication request.
Method Details
validateAuthorizationRequest
com.nimbusds.oauth2.sdk.AuthorizationRequest validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidAuthorizationRequestException
Validates the specified OAuth 2.0 authorisation / OpenID authentication request.
- Parameters:
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The authorisation request validator context. Not null.
- Returns:
The validated OAuth 2.0 authorisation / OpenID authentication request. It may be modified. Must not be null.
- Throws:
InvalidAuthorizationRequestException - If the request is rejected.