|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||
public interface AuthorizationRequestManager
Strategy for managing AuthorizationRequest instances during a token grant.
| Method Summary | |
|---|---|
AuthorizationRequest |
createAuthorizationRequest(Map<String,String> authorizationParameters)
Create a new AuthorizationRequest extracting all the needed information from the incoming parameter map. |
void |
validateParameters(Map<String,String> parameters,
ClientDetails clientDetails)
Validate the parameters provided by the client. |
| Method Detail |
|---|
AuthorizationRequest createAuthorizationRequest(Map<String,String> authorizationParameters)
AuthorizationRequest extracting all the needed information from the incoming parameter map.
Typical implementations would load the client details from the client id provided and validate the grant type and
scopes, populating any fields in the request that are known only to the authorization server.
authorizationParameters - the parameters in the request
void validateParameters(Map<String,String> parameters,
ClientDetails clientDetails)
Validate the parameters provided by the client. Called by the AuthorizationEndpoint and also by the
TokenEndpoint before a response is sent back to the client. Note that during an authorization code flow
both endpoints will call this method, but the TokenEndpoint in that case has very little if anything to validate
since all the parameters neeeded for the access token were provided to the AuthorizationEndpoint.
Implementations should at a minimum check that the scope values requested are legal for the client.
parameters - the request parametersclientDetails - the client requesting the token
|
||||||||||
| PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
| SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD | |||||||||