OIDCTokenRequestValidationValve
Verifies, for a call from a relying party, that the necessary data has been created by the initial authentication. The call must have been preceded by a successful OpenID Connect authentication.
This valve is important in terms of security!
Properties
Example Configuration
{
  "name": "OIDCTokenRequestValidationValve",
  "enabled": "true",
  "config": {
  }
}
Requirements
- Session must be present in the flow. Loaded by prior execution.
- Request must contain the parameters client_id, code & redirect_uri.
- The loaded session must contain an item matching the client_id. Typically this is generated by the initial authentication.
- Parameter code must match the value with the same name provided by the authentication response in the initial authentication.
- Parameter redirect_uri must match the value with the same name provided by the relying party in the initial authentication.
General information
The loaded session is expected to contain an item generated by the authentication. This valve will copy the entire item from the session to the flow for possible future use. The id of the item will be copied to an item parameter, subject_id.
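The checks listed under Requirements, together with the copy step described above, sketched in Python as an added example. This is not the valve's own implementation; the session layout, the field names other than client_id, code, redirect_uri and subject_id, and the sample values are assumptions.

```python
import hmac

REQUIRED = ("client_id", "code", "redirect_uri")

# Constructed sample session (hypothetical layout): one item per client_id,
# written by the initial authentication.
SAMPLE_SESSION = {
    "items": {
        "rp-1": {"id": "alice", "code": "c0de-123",
                 "redirect_uri": "https://rp.example/cb"},
    }
}


class TokenRequestRejected(Exception):
    """Raised when a token request fails one of the requirements."""


def validate_token_request(params, session):
    """Return the item to place in the flow, or raise TokenRequestRejected."""
    if session is None:
        raise TokenRequestRejected("no session loaded in the flow")
    for name in REQUIRED:
        value = params.get(name)
        if not isinstance(value, str) or not value:
            raise TokenRequestRejected("missing parameter: " + name)

    # The session must hold an item created for this client_id.
    item = session.get("items", {}).get(params["client_id"])
    if item is None:
        raise TokenRequestRejected("session has no item for this client_id")

    # Constant-time comparison: do not leak how much of the code matched.
    stored_code = str(item.get("code", ""))
    if not hmac.compare_digest(params["code"].encode(), stored_code.encode()):
        raise TokenRequestRejected("code does not match")

    # Exact string match only: no prefix or normalised comparison.
    if params["redirect_uri"] != item.get("redirect_uri"):
        raise TokenRequestRejected("redirect_uri does not match")

    # Copy the entire item to the flow and expose its id as subject_id.
    flow_item = dict(item)
    flow_item["subject_id"] = item["id"]
    return flow_item
```

Every rejection path raises before anything is copied to the flow, so a request that fails any one requirement leaves no subject_id behind for later valves to act on.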