Package org.keycloak.protocol.oidc.endpoints.request

Class AuthzEndpointRequestParser

java.lang.Object
org.keycloak.protocol.oidc.endpoints.request.AuthzEndpointRequestParser
Direct Known Subclasses:
AuthzEndpointParParser, AuthzEndpointQueryStringParser, AuthzEndpointRequestObjectParser
public abstract class AuthzEndpointRequestParser extends Object
This endpoint parser supports, per default, up to 5 parameters with each having a total size of 2000. If there are more authentication request parameters, or a parameter has a size than allowed, those parameters are silently ignored.

You can toggle the behavior by setting (additionalReqParamsFailFast) that enables the fail-fast principle. Any request parameter in violation of the configuration results in an error response, e.g.,

  • for a Pushed Authorization Request (PAR) this results in a JSON response.
  • For openid/auth in an error page with an "Back to Application" button using the client's base URL. (if valid) as redirect target.

Additionally, (additionalReqParamMaxOverallSize) can be configured that sets the maximum of size of all parameters combined. If not provided, Integer.MAX_VALUE will be used.

Author:
Manuel Schallar, Marek Posolda

  • Field Details

    • config

      protected final OIDCProviderConfig config

    • additionalReqParamsMaxNumber

      protected final int additionalReqParamsMaxNumber

    • additionalReqParamsMaxSize

      protected final int additionalReqParamsMaxSize

    • additionalReqParamsFailFast

      protected final boolean additionalReqParamsFailFast

    • additionalReqParamsMaxOverallSize

      protected final int additionalReqParamsMaxOverallSize

    • AUTHZ_REQUEST_OBJECT

      public static final String AUTHZ_REQUEST_OBJECT
      See Also:

    • AUTHZ_REQUEST_OBJECT_ENCRYPTED

      public static final String AUTHZ_REQUEST_OBJECT_ENCRYPTED
      See Also:

    • KNOWN_REQ_PARAMS

      public static final Set<String> KNOWN_REQ_PARAMS
      Set of known protocol GET params not to be stored into additionalReqParams}

  • Constructor Details

    • AuthzEndpointRequestParser

      protected AuthzEndpointRequestParser(KeycloakSession keycloakSession)

  • Method Details

    • parseRequest

      public void parseRequest(AuthorizationEndpointRequest request)

    • validateResponseTypeParameter

      protected void validateResponseTypeParameter(String responseTypeParameter, AuthorizationEndpointRequest request)

    • extractAdditionalReqParams

      protected void extractAdditionalReqParams(Map<String,String> additionalReqParams)

    • replaceIfNotNull

      protected <T> T replaceIfNotNull(T previousVal, T newVal)

    • getAndValidateParameter

      protected String getAndValidateParameter(String paramName)

    • getParameter

      protected abstract String getParameter(String paramName)

    • getIntParameter

      protected abstract Integer getIntParameter(String paramName)

    • keySet

      protected abstract Set<String> keySet()