Interface PARValidator
All Superinterfaces:
Lifecycle

@ThreadSafe
public interface PARValidator extends Lifecycle
Service Provider Interface (SPI) for performing additional validation of Pushed Authorisation Requests (PAR).

The validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and ensuring the client is authorised to use the OAuth 2.0 grant. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that.

The validated request can be returned modified. Modifications should be limited to optional parameters. Parameters such as client_id, response_type, redirect_uri and state must not be modified.

The validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method can reject the request by throwing an InvalidPushedAuthorizationRequestException with an appropriate HTTP status code and error code. The exception message will be logged and not output to the client.

Example:

    throw new InvalidPushedAuthorizationRequestException(
        "Scope not accepted scope", // will be logged
        OAuth2Error.INVALID_SCOPE
            .setHTTPStatusCode(400)
            .setDescription("Scope not accepted: some_scope"));

The resulting HTTP response:

    HTTP/1.1 400 Bad Request
    Content-Type: application/json;charset=UTF-8
    Cache-Control: no-store
    Pragma: no-cache

    {
      "error"             : "invalid_scope",
      "error_description" : "Scope not accepted: some_scope"
    }

Implementations must be thread-safe.
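A sketch of an implementation of this SPI, added here as an example and not taken from the Connect2id SDK: it enforces a scope allow-list and requires PKCE with S256, and returns the request unmodified. The class name, the allowed scope values and the PKCE policy are hypothetical; the Lifecycle method signatures and the two-argument exception constructor are assumed to match the SDK and the example above.

```java
import java.util.Set;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.par.*;

// Hypothetical validator: scope allow-list plus mandatory PKCE with S256
public class StrictPARValidator implements PARValidator {

    // Immutable, so safe to share between request threads (constructed sample values)
    private static final Set<String> ALLOWED_SCOPES = Set.of("openid", "email", "profile");

    // Lifecycle methods (signatures assumed from the SDK, not shown on this page)
    @Override public void init(InitContext initContext) { }
    @Override public boolean isEnabled() { return true; }
    @Override public void shutdown() { }

    @Override
    public AuthorizationRequest validatePushedAuthorizationRequest(
            AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
            throws InvalidPushedAuthorizationRequestException {
        Scope scope = authzRequest.getScope(); // null when no scope was sent
        if (scope != null) {
            for (Scope.Value value : scope) {
                if (!ALLOWED_SCOPES.contains(value.getValue())) {
                    throw new InvalidPushedAuthorizationRequestException(
                        // Logged only, never returned: may identify the client
                        "Scope " + value + " rejected for client " + authzRequest.getClientID(),
                        // Returned to the client in the JSON error body
                        OAuth2Error.INVALID_SCOPE
                            .setHTTPStatusCode(400)
                            .setDescription("Scope not accepted: " + value));
                }
            }
        }
        // A missing code_challenge_method (null) is rejected as well
        if (!CodeChallengeMethod.S256.equals(authzRequest.getCodeChallengeMethod())) {
            throw new InvalidPushedAuthorizationRequestException(
                "Missing or non-S256 PKCE challenge from client " + authzRequest.getClientID(),
                OAuth2Error.INVALID_REQUEST
                    .setHTTPStatusCode(400)
                    .setDescription("PKCE with S256 is required"));
        }
        // Returned as received: client_id, response_type, redirect_uri and state untouched
        return authzRequest;
    }
}
```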

Method Summary
Modifier and Type | Method | Description
default void | validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) | Deprecated.
default com.nimbusds.oauth2.sdk.AuthorizationRequest | validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) | Validates the specified OAuth 2.0 authorisation / OpenID authentication request.

Method Detail

validate
@Deprecated
default void validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws com.nimbusds.oauth2.sdk.GeneralException

Deprecated.
Validates the specified OAuth 2.0 authorisation / OpenID authentication request. Deprecated, use validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) instead.

Parameters:
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The PAR validator context. Not null.
Throws:
com.nimbusds.oauth2.sdk.GeneralException - If the request is rejected. Should include an appropriate HTTP status and error code.

validatePushedAuthorizationRequest
default com.nimbusds.oauth2.sdk.AuthorizationRequest validatePushedAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidPushedAuthorizationRequestException

Validates the specified OAuth 2.0 authorisation / OpenID authentication request.

Parameters:
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The PAR validator context. Not null.
Returns:
The validated OAuth 2.0 authorisation / OpenID authentication request. It may be modified. Must not be null.
Throws:
InvalidPushedAuthorizationRequestException - If the request is rejected.