@ThreadSafe public interface PARValidator

The validate(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and ensuring the client is authorised to use the OAuth 2.0 grant. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that.

The validate(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext) method can reject the request by throwing a GeneralException with an appropriate HTTP status code and error code. The exception message will be logged and not output to the client.

Example:

```java
throw new GeneralException("Scope not accepted scope", // will be logged
    OAuth2Error.INVALID_SCOPE
        .setHTTPStatusCode(400)
        .setDescription("Scope not accepted: some_scope"));
```

The resulting HTTP response:

```
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "error" : "invalid_scope",
  "error_description" : "Scope not accepted: some_scope"
}
```

Implementations must be thread-safe.

| Modifier and Type | Method and Description |
|---|---|
| void | validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) Validates the specified OAuth 2.0 authorisation / OpenID authentication request. |

void validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws com.nimbusds.oauth2.sdk.GeneralException

Parameters:
- authzRequest - The request to perform additional validation on. Not null.
- validatorCtx - The PAR validator context. Not null.

Throws:
- com.nimbusds.oauth2.sdk.GeneralException - If the request is rejected. Should include an appropriate HTTP status code and error code.

Copyright © 2020 Connect2id Ltd. All rights reserved.