Class OAuth2TokenScopeValidator
java.lang.Object
com.linecorp.armeria.server.auth.oauth2.OAuth2TokenScopeValidator
A helper class for optionally validating the OAuth 2 token attached to a specific execution
context (e.g. to implement fine-grained access control).
Method Summary

static HttpResponse insufficientScopeErrorResponse()
    Returns an HttpResponse with the HttpStatus.FORBIDDEN result code and a formatted error response (see Method Details below).

static boolean validateScope(OAuth2TokenDescriptor tokenDescriptor, Set<String> permittedScope)
    Validates the given OAuth2TokenDescriptor against the permitted scope of the given execution context.

static boolean validateScope(ServiceRequestContext ctx, Set<String> permittedScope)
    Validates the given ServiceRequestContext against the permitted scope of the given execution context.
Method Details

validateScope

public static boolean validateScope(ServiceRequestContext ctx, Set<String> permittedScope)

Validates the given ServiceRequestContext against the permitted scope of the given execution context. This operation assumes that a valid OAuth2TokenDescriptor has been attached to the ServiceRequestContext by the OAuth 2 subsystem.

Parameters:
    ctx - ServiceRequestContext that contains a valid OAuth2TokenDescriptor.
    permittedScope - A Set of scope tokens (roles) to validate against. This Set may be empty, which means that any valid token will be permitted.
Returns:
    true if the OAuth2TokenDescriptor includes a non-empty scope that contains all elements of the permittedScope.
validateScope

public static boolean validateScope(OAuth2TokenDescriptor tokenDescriptor, Set<String> permittedScope)

Validates the given OAuth2TokenDescriptor against the permitted scope of the given execution context.

Parameters:
    tokenDescriptor - An instance of OAuth2TokenDescriptor to validate.
    permittedScope - A Set of scope tokens (roles) to validate against. This Set may be empty, which means that any valid token will be permitted.
Returns:
    true if the OAuth2TokenDescriptor includes a non-empty scope that contains all elements of the permittedScope.
insufficientScopeErrorResponse

public static HttpResponse insufficientScopeErrorResponse()

Returns an HttpResponse with the HttpStatus.FORBIDDEN result code and a formatted error response as below.

    HTTP/1.1 403 Forbidden
    Content-Type: application/json;charset=UTF-8

    {"error":"insufficient_scope"}

This response indicates that the request requires higher privileges than provided by the access token. The resource server SHOULD respond with the HTTP 403 (Forbidden) status code and MAY include the "scope" attribute with the scope necessary to access the protected resource.
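The following is an added usage example, not code from the Armeria Javadoc above: a per-route decorator that calls validateScope(ctx, ...) and answers with insufficientScopeErrorResponse() when the token attached to the context lacks the required scope. It assumes an Authorizer for OAuth2Token (for example one that introspects the bearer token) is configured elsewhere and passed in, so that the OAuth2TokenDescriptor is attached to the context before the scope check runs; the scope name "reports:read", the path "/reports" and the class name RequireScope are made up for the example.

```java
import java.util.Set;

import com.linecorp.armeria.common.HttpRequest;
import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.auth.OAuth2Token;
import com.linecorp.armeria.server.DecoratingHttpServiceFunction;
import com.linecorp.armeria.server.HttpService;
import com.linecorp.armeria.server.Server;
import com.linecorp.armeria.server.ServiceRequestContext;
import com.linecorp.armeria.server.auth.AuthService;
import com.linecorp.armeria.server.auth.Authorizer;
import com.linecorp.armeria.server.auth.oauth2.OAuth2TokenScopeValidator;

/**
 * Example decorator (not part of Armeria): lets a request through only when the token the
 * OAuth 2 subsystem attached to the context carries every scope in requiredScope, and
 * otherwise returns the standard 403 {"error":"insufficient_scope"} response.
 */
public final class RequireScope implements DecoratingHttpServiceFunction {

    private final Set<String> requiredScope;

    public RequireScope(Set<String> requiredScope) {
        this.requiredScope = Set.copyOf(requiredScope);
    }

    @Override
    public HttpResponse serve(HttpService delegate, ServiceRequestContext ctx, HttpRequest req)
            throws Exception {
        // validateScope(ctx, ...) reads the OAuth2TokenDescriptor stored on the context by the
        // OAuth 2 authorizer. It is true only when the token's scope is non-empty and contains
        // every element of requiredScope; an empty requiredScope would admit any valid token.
        if (!OAuth2TokenScopeValidator.validateScope(ctx, requiredScope)) {
            // 403 Forbidden with body {"error":"insufficient_scope"}, as documented above.
            return OAuth2TokenScopeValidator.insufficientScopeErrorResponse();
        }
        return delegate.serve(ctx, req);
    }

    /**
     * Wires the gate behind AuthService. The authorizer is assumed to be configured by the
     * caller (e.g. a token-introspection authorizer); "reports:read" and "/reports" are
     * made-up example values.
     */
    public static Server buildServer(Authorizer<? super OAuth2Token> oauth2Authorizer,
                                     HttpService reportsService) {
        // Decorators applied later wrap the earlier ones and therefore run first, so
        // AuthService is applied last: the token must be validated and its descriptor attached
        // before RequireScope consults it.
        final HttpService guarded = reportsService
                .decorate(new RequireScope(Set.of("reports:read")))
                .decorate(AuthService.builder().addOAuth2(oauth2Authorizer).newDecorator());

        return Server.builder()
                     .http(8080)
                     .service("/reports", guarded)
                     .build();
    }
}
```

Keeping the scope check in a decorator rather than inside each handler means a route cannot be reached without passing through the check, and the ordering comment above is the part worth verifying when adding further decorators: if RequireScope were applied outside AuthService, validateScope would run before any descriptor had been attached.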