Interface ScopeValidator

All Superinterfaces:
    org.forgerock.oauth2.core.plugins.OAuth2Plugin
All Known Subinterfaces:
    ScopeValidator

@Supported public interface ScopeValidator extends org.forgerock.oauth2.core.plugins.OAuth2Plugin
A plugin (or extension point) that allows the OAuth2 provider to customise the set of requested scopes for authorize, access token, refresh token and back channel authorize requests.
Method Summary
Modifier and Type, Method, Description:

Set<String> validateAccessTokenScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> scope, OAuth2Request request)
    Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when an access token is requested.

Set<String> validateAuthorizationScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> scope, OAuth2Request request)
    Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when authorization is requested.

Set<String> validateBackChannelAuthorizationScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> requestedScopes, OAuth2Request request)
    Provided as an extension point to allow the OAuth2 provider to customize the scopes requested when performing a client initiated back channel authentication.

Set<String> validateRefreshTokenScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> requestedScope, Set<String> tokenScope, OAuth2Request request)
    Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when a refresh token is requested.

Method Detail

validateAuthorizationScope

@Supported Set<String> validateAuthorizationScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> scope, OAuth2Request request) throws org.forgerock.oauth2.core.exceptions.InvalidScopeException, org.forgerock.oauth2.core.exceptions.ServerException

Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when authorization is requested.

Parameters:
    clientRegistration - The client registration.
    scope - The requested scope.
    request - The OAuth2 request.
Returns:
    The updated scope used in the remaining OAuth2 process.
Throws:
    org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
    org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

validateAccessTokenScope

@Supported Set<String> validateAccessTokenScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> scope, OAuth2Request request) throws org.forgerock.oauth2.core.exceptions.InvalidScopeException, org.forgerock.oauth2.core.exceptions.ServerException

Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when an access token is requested.

Parameters:
    clientRegistration - The client registration.
    scope - The requested scope.
    request - The OAuth2 request.
Returns:
    The updated scope used in the remaining OAuth2 process.
Throws:
    org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
    org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

validateRefreshTokenScope

@Supported Set<String> validateRefreshTokenScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> requestedScope, Set<String> tokenScope, OAuth2Request request) throws org.forgerock.oauth2.core.exceptions.ServerException, org.forgerock.oauth2.core.exceptions.InvalidScopeException

Provided as an extension point to allow the OAuth2 provider to customise the scopes requested when a refresh token is requested.

Parameters:
    clientRegistration - The client registration.
    requestedScope - The requested scope.
    tokenScope - The scope from the access token.
    request - The OAuth2 request.
Returns:
    The updated scope used in the remaining OAuth2 process.
Throws:
    org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown, or malformed.
    org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.

validateBackChannelAuthorizationScope

@Supported Set<String> validateBackChannelAuthorizationScope(org.forgerock.oauth2.core.ClientRegistration clientRegistration, Set<String> requestedScopes, OAuth2Request request) throws org.forgerock.oauth2.core.exceptions.InvalidScopeException, org.forgerock.oauth2.core.exceptions.ServerException

Provided as an extension point to allow the OAuth2 provider to customize the scopes requested when performing a client initiated back channel authentication.

Parameters:
    clientRegistration - The client registration.
    requestedScopes - The requested scope.
    request - The OAuth2 request.
Returns:
    The updated scope used in the remaining OAuth2 process.
Throws:
    org.forgerock.oauth2.core.exceptions.InvalidScopeException - If the requested scope is invalid, unknown or malformed.
    org.forgerock.oauth2.core.exceptions.ServerException - If any internal server error occurs.
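
The scope checks an implementation of the four methods above could enforce, as an added standalone Java example (not ForgeRock code and not part of this API). `ScopeChecks`, `InvalidScope`, `narrowRequested` and `narrowRefresh` are hypothetical names; the allowed and default scope sets are assumed to come from the client registration, and a real plugin would throw `InvalidScopeException` where this uses a local stand-in.

```java
import java.util.LinkedHashSet;
import java.util.Set;
// Added illustration, not ForgeRock code: checks a ScopeValidator implementation could apply.
public class ScopeChecks {
    // Local stand-in for the InvalidScopeException the interface methods declare.
    static class InvalidScope extends Exception {
        InvalidScope(String message) { super(message); }
    }
    // Authorization, access token and back channel requests.
    // Assumption: 'allowed' and 'defaults' are read from the client registration.
    static Set<String> narrowRequested(Set<String> allowed, Set<String> defaults,
                                       Set<String> requested) throws InvalidScope {
        // No scope requested: fall back to the client's defaults, or fail.
        Set<String> effective = (requested == null || requested.isEmpty()) ? defaults : requested;
        if (effective.isEmpty()) {
            throw new InvalidScope("No scope requested and no default scope configured");
        }
        // Reject, rather than silently drop, anything outside the allow-list.
        Set<String> unknown = new LinkedHashSet<>(effective);
        unknown.removeAll(allowed);
        if (!unknown.isEmpty()) {
            throw new InvalidScope("Unknown or disallowed scope: " + unknown);
        }
        return new LinkedHashSet<>(effective);
    }

    // Refresh token requests: never exceed the scope of the original grant.
    static Set<String> narrowRefresh(Set<String> requestedScope, Set<String> tokenScope)
            throws InvalidScope {
        if (requestedScope == null || requestedScope.isEmpty()) {
            return new LinkedHashSet<>(tokenScope); // omitted scope keeps the original grant
        }
        if (!tokenScope.containsAll(requestedScope)) {
            throw new InvalidScope("Requested scope exceeds the original grant");
        }
        return new LinkedHashSet<>(requestedScope);
    }

    public static void main(String[] args) throws InvalidScope {
        Set<String> allowed = Set.of("profile", "email", "orders:read"); // constructed sample
        System.out.println(narrowRequested(allowed, Set.of("profile"), Set.of()));
        System.out.println(narrowRefresh(Set.of("email"), Set.of("profile", "email")));
        try {
            narrowRefresh(Set.of("orders:read"), Set.of("profile", "email"));
        } catch (InvalidScope e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The refresh check follows RFC 6749 section 6: a refresh request may narrow the scope but must not add anything the original grant did not include.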