Package com.nimbusds.openid.connect.provider.spi.clientauth

Interface ClientAuthenticationInterceptor

All Superinterfaces:
Lifecycle
@ThreadSafe public interface ClientAuthenticationInterceptor extends Lifecycle
Service Provider Interface (SPI) for intercepting successful and failed client authentications at all Connect2id server endpoints where such authentication occurs, such as the token, token introspection, token revocation and pushed authorisation request (PAR) endpoints.

Successful client authentications can be subjected to additional checks and rejected with an InvalidClientException to produce an OAuth 2.0 invalid_client error.

Implementations must be thread-safe. Interceptors that emit events should use a separate thread for blocking operations.

  • Method Summary

    Modifier and Type
    Method
    Description
    default void
    interceptError(com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuth, com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException exception, ClientAuthenticationContext ctx)
    Intercepts a failed client authentication.
    default void
    interceptSuccess(com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuth, ClientAuthenticationContext ctx)
    Intercepts a successful client authentication.

    Methods inherited from interface com.nimbusds.openid.connect.provider.spi.Lifecycle

    init, isEnabled, shutdown

  • Method Details

    • interceptSuccess

      default void interceptSuccess(com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuth, ClientAuthenticationContext ctx) throws com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException
      Intercepts a successful client authentication. The default implementation takes no action.
      Parameters:
      clientAuth - The client authentication. Not null.
      ctx - The client authentication context. Not null.
      Throws:
      com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException - To reject the client authentication with an invalid_client error. The exception message will be logged internally and will not be exposed to the client in the invalid_client error description.

    • interceptError

      default void interceptError(com.nimbusds.oauth2.sdk.auth.ClientAuthentication clientAuth, com.nimbusds.oauth2.sdk.auth.verifier.InvalidClientException exception, ClientAuthenticationContext ctx)
      Intercepts a failed client authentication. The default implementation takes no action.
      Parameters:
      clientAuth - The client authentication. Not null.
      exception - The invalid client exception. Not null.
      ctx - The client authentication context. Not null.