Interface AuthorizationRequestValidator
All Superinterfaces: Lifecycle
@ThreadSafe public interface AuthorizationRequestValidator extends Lifecycle
Service Provider Interface (SPI) for performing additional validation of OAuth 2.0 authorisation / OpenID authentication requests.

The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method will be called after the Connect2id server has performed standard validation of the OAuth 2.0 authorisation / OpenID authentication request, such as checking the client_id and redirect_uri. JWT-secured authorisation requests (JAR) will be unwrapped / resolved before that. The original raw request can be obtained from the context.

The validated request can be returned modified. Modifications should be limited to optional parameters. Parameters such as client_id, response_type, redirect_uri and state must not be modified.

The validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest, com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext) method can reject the request by throwing an InvalidAuthorizationRequestException with an appropriate error code and optional description. When the request is rejected the redirection back to the OAuth 2.0 client can also optionally be disabled.

Example:
    throw new InvalidAuthorizationRequestException(
        "Scope not accepted", // will be logged
        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted: some_scope"),
        false // redirection not disabled
    );
Example resulting response:
    HTTP/1.1 302 Found
    Location: https://client.example.com/cb?
      error=invalid_scope
      &error_description=Scope%20not%20accepted%3A%20some_scope
      &state=UeFi0Eu3siPaJahl
Implementations must be thread-safe.
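An added example, not part of the Connect2id documentation or SDK code: a validator that rejects requests carrying a scope value outside an allow-list and code flow requests without a PKCE S256 challenge. The class name, the allow-list and the PKCE policy are assumptions chosen for illustration; the Lifecycle method signatures (init, isEnabled, shutdown) are assumed from the Connect2id SDK and are not shown on this page.

```java
import java.util.Set;
import com.nimbusds.oauth2.sdk.AuthorizationRequest;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.Scope;
import com.nimbusds.oauth2.sdk.pkce.CodeChallengeMethod;
import com.nimbusds.openid.connect.provider.spi.InitContext;
import com.nimbusds.openid.connect.provider.spi.authz.AuthorizationRequestValidator;
import com.nimbusds.openid.connect.provider.spi.authz.InvalidAuthorizationRequestException;
import com.nimbusds.openid.connect.provider.spi.authz.ValidatorContext;

// Hypothetical implementation; holds no mutable state, so it is thread-safe
public class StrictRequestValidator implements AuthorizationRequestValidator {
    // Constructed allow-list for illustration; immutable and safe to share
    private static final Set<String> ALLOWED_SCOPES = Set.of("openid", "email", "profile");

    // Lifecycle methods (signatures assumed from the SDK, not from this page)
    @Override public void init(InitContext initCtx) { }
    @Override public boolean isEnabled() { return true; }
    @Override public void shutdown() { }

    @Override
    public AuthorizationRequest validateAuthorizationRequest(
            AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
            throws InvalidAuthorizationRequestException {
        Scope scope = authzRequest.getScope(); // null when the parameter is omitted
        if (scope != null) {
            for (Scope.Value value : scope) {
                if (!ALLOWED_SCOPES.contains(value.getValue())) {
                    // Fixed description: the request-supplied value is not echoed back
                    throw new InvalidAuthorizationRequestException(
                        "Scope not accepted", // will be logged
                        OAuth2Error.INVALID_SCOPE.setDescription("Scope not accepted"),
                        false); // redirection not disabled
                }
            }
        }
        // Assumed policy: code flow requests must carry a PKCE S256 challenge
        if (authzRequest.getResponseType().impliesCodeFlow()
                && (authzRequest.getCodeChallenge() == null
                    || !CodeChallengeMethod.S256.equals(authzRequest.getCodeChallengeMethod()))) {
            throw new InvalidAuthorizationRequestException(
                "PKCE with S256 required", // will be logged
                OAuth2Error.INVALID_REQUEST.setDescription("code_challenge with S256 is required"),
                false); // redirection not disabled
        }
        // client_id, response_type, redirect_uri and state are left untouched
        return authzRequest;
    }
}
```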
Method Summary
Modifier and Type: com.nimbusds.oauth2.sdk.AuthorizationRequest
Method: validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx)
Description: Validates the specified OAuth 2.0 authorisation / OpenID authentication request.
Method Detail
validateAuthorizationRequest
com.nimbusds.oauth2.sdk.AuthorizationRequest validateAuthorizationRequest(com.nimbusds.oauth2.sdk.AuthorizationRequest authzRequest, ValidatorContext validatorCtx) throws InvalidAuthorizationRequestException
Validates the specified OAuth 2.0 authorisation / OpenID authentication request.

Parameters:
authzRequest - The request to perform additional validation on. Can be cast to AuthenticationRequest for an instance of an OpenID authentication request. Not null.
validatorCtx - The authorisation request validator context. Not null.

Returns:
The validated OAuth 2.0 authorisation / OpenID authentication request. It may be modified. Must not be null.

Throws:
InvalidAuthorizationRequestException - If the request is rejected.