@ThreadSafe public interface PARValidator
The validate(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext)
method will be called after the Connect2id server
has performed standard validation of the OAuth 2.0 authorisation / OpenID
authentication request, such as such as checking the client_id
and
ensuring the client is authorised the use the OAuth 2.0 grant. JWT-secured
authorisation requests (JAR) will be unwrapped / resolved before that.
The validate(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.par.ValidatorContext)
method can reject the request by throwing a
GeneralException
with an appropriate HTTP status code and error
code. The exception message will be logged and not output to the client.
Example:
throw new GeneralException("Scope not accepted scope", // will be logged OAuth2Error.INVALID_SCOPE .setHTTPStatusCode(400) .setDescription("Scope not accepted: some_scope"));The resulting HTTP response:
HTTP/1.1 400 Bad Request Content-Type: application/json;charset=UTF-8 Cache-Control: no-store Pragma: no-cache { "error" : "invalid_scope", "error_description" : "Scope not accepted: some_scope" }
Implementations must be thread-safe.
Modifier and Type | Method and Description |
---|---|
void |
validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest,
ValidatorContext validatorCtx)
Validates the specified OAuth 2.0 authorisation / OpenID
authentication request.
|
void validate(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws com.nimbusds.oauth2.sdk.GeneralException
authzRequest
- The request to perform additional validation on.
Not null
.validatorCtx
- The PAR validator context. Not null
.com.nimbusds.oauth2.sdk.GeneralException
- If the request is rejected. Should include
an appropriate HTTP status code and error
code.Copyright © 2021 Connect2id Ltd.. All rights reserved.