Interface PARValidator
- All Superinterfaces:
Lifecycle
The validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method will be called
after the Connect2id server has performed standard validation of the OAuth
2.0 authorisation / OpenID authentication request, such as checking the
client_id and ensuring the client is authorised to use the OAuth 2.0
grant. JWT-secured authorisation requests (JAR) will be unwrapped / resolved
before that. The original raw request can be obtained from the
context.
The validated request can be returned modified. Modifications should be
limited to optional parameters. Parameters such as client_id,
response_type, redirect_uri and state must not be
modified.
The validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method can reject the
request by throwing an InvalidPushedAuthorizationRequestException
with an appropriate HTTP status code and error code. The exception message
will be logged and not output to the client.
Example:
throw new InvalidPARException("Scope not accepted scope", // will be logged
OAuth2Error.INVALID_SCOPE
.setHTTPStatusCode(400)
.setDescription("Scope not accepted: some_scope"));
The resulting HTTP response:
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error" : "invalid_scope",
"error_description" : "Scope not accepted: some_scope"
}
Implementations must be thread-safe.
-
Method Summary
Modifier and TypeMethodDescriptiondefault voidvalidate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Deprecated.default com.nimbusds.oauth2.sdk.AuthorizationRequestvalidatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Validates the specified OAuth 2.0 authorisation / OpenID authentication request.
-
Method Details
-
validate
@Deprecated default void validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws com.nimbusds.oauth2.sdk.GeneralException Deprecated.Validates the specified OAuth 2.0 authorisation / OpenID authentication request.Deprecated, use
validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext)instead.- Parameters:
authzRequest- The request to perform additional validation on. Can be cast toAuthenticationRequestfor an instance of an OpenID authentication request. Notnull.validatorCtx- The PAR validator context. Notnull.- Throws:
com.nimbusds.oauth2.sdk.GeneralException- If the request is rejected. Should include an appropriate HTTP status and error code.
-
validatePushedAuthorizationRequest
default com.nimbusds.oauth2.sdk.AuthorizationRequest validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidPushedAuthorizationRequestException Validates the specified OAuth 2.0 authorisation / OpenID authentication request.- Parameters:
authzRequest- The request to perform additional validation on. Can be cast toAuthenticationRequestfor an instance of an OpenID authentication request. Notnull.validatorCtx- The PAR validator context. Notnull.- Returns:
- The validated OAuth 2.0 authorisation / OpenID
authentication request. It may be modified. Must not be
null. - Throws:
InvalidPushedAuthorizationRequestException- If the request is rejected.
-