Closed yuriyz closed 3 years ago
Validation code will be added to io.jans.as.server.service.external.context.DynamicClientRegistrationContext
.
Idea is to have different validation and common methods inside context which is easy to call from custom script.
E.g. in custom script context.validateSSA()
which can perform all common validations.
Lets say customer does not wish to perform all SSA validations and wish only SSA redirect_uris validation, then it will look like:
context.validateSSARedirectUri()
.
validateSSA()
- must perform all common validation, e.g. issuer validations, redirect_uri validations. It encapsulates other validation methodsvalidateSSARedirectUri()
- validates SSA redirect uris matches to request redirect uris.validateSSAIssuer()
- validates SSA issuerpublic void validateSSA() {
validateSSANotNull();
validateSSARedirectUri();
validateIssuer();
...
}
@nynymike @Milton-Ch I've started to work on SSA redirect uri validations for openbanking and it seems to intersect with re-design document https://github.com/JanssenProject/jans-auth-server/wiki/Dynamic-Client-Registration-Re-Design
I guess we can encapsulate most of requirements inside DynamicClientRegistrationContext
and implement in java side, however still allow to modify these "building blocks" from custom script. By default we should perform all common validations. Thoughts?
Implemented. Added to DynamicClientRegistrationContext
following methods :
validateSSA()
- performs all common SSA validation. For now it has validateSSARedirectUri()
but it will be extended with more methods as described in https://github.com/JanssenProject/jans-auth-server/issues/154validateSSARedirectUri()
- performs check whether requested redirect_uris match to SSA redirect_uri's defined in software_redirect_uris
SSA claim.validateSSARedirectUri(String ssaRedirectUriClaimName)
- performs redirect_uris against custom claims name (for case when redirect uris are not in software_redirect_uris
claim within SSA)
Describe the issue
Feat: Validate redirect_uri based on software statement assertion
Support: 9854