Older version > PhenixID server 2.6 > OpenID Connect > OIDCTokenRequestValidationValve

OIDCTokenRequestValidationValve

Verifies, for a call from a relying party, that the necessary data has been created by the initial authentication. The call must have been preceded by a successful OpenID Connect authentication.

This valve is important in terms of security!

Properties

Name Description Default value Mandatory Supports property expansion

Example Configuration

{      
  "name": "OIDCTokenRequestValidationValve",
  "enabled": "true",
  "config": {
  }
}

Requirements

  • A session must be present in the flow, loaded by a prior execution.
  • The request must contain the parameters client_id, code and redirect_uri.
  • The loaded session must contain an item matching the client_id. Typically this is generated by the initial authentication.
  • Parameter code must match the value with the same name provided by the authentication response in the initial authentication.
  • Parameter redirect_uri must match the value with the same name provided by the relying party in the initial authentication.

General information

The loaded session is expected to contain an item generated by the authentication. This valve will copy the entire item from the session to the flow for possible future use. The id of the item will be copied to an item parameter, subject_id.
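
The checks listed under Requirements and the copy step described above, modelled as an added Python example; this is not PhenixID code. The session layout (a dict of items keyed by client_id with id, code and redirect_uri fields), the function names, the exact-match and constant-time comparisons, and the sample values are assumptions made for illustration.

```python
import hmac

REQUIRED_PARAMS = ("client_id", "code", "redirect_uri")

class TokenRequestRejected(Exception):
    """Raised when a token request fails one of the listed requirements."""

def validate_token_request(session, request):
    """Apply the five requirements; return the item copied to the flow.

    Assumed layout (hypothetical): `session` maps client_id to an item
    dict holding "id", "code" and "redirect_uri".
    """
    # 1. A session must have been loaded earlier in the flow.
    if not session:
        raise TokenRequestRejected("no session loaded")
    # 2. client_id, code and redirect_uri must all be present and non-empty.
    missing = [p for p in REQUIRED_PARAMS if not request.get(p)]
    if missing:
        raise TokenRequestRejected("missing parameter: " + ", ".join(missing))
    # 3. The session must hold an item for this client_id.
    item = session.get(request["client_id"])
    if item is None:
        raise TokenRequestRejected("no session item for client_id")
    # 4. code must equal the code from the authentication response.
    #    compare_digest (an assumption here) avoids a timing side channel.
    if not hmac.compare_digest(request["code"].encode(), item["code"].encode()):
        raise TokenRequestRejected("code mismatch")
    # 5. redirect_uri must equal the one the relying party sent initially
    #    (exact string comparison is an assumption of this example).
    if request["redirect_uri"] != item["redirect_uri"]:
        raise TokenRequestRejected("redirect_uri mismatch")
    # Copy the whole item to the flow and expose its id as subject_id.
    flow_item = dict(item)
    flow_item["subject_id"] = item["id"]
    return flow_item

# Constructed sample data, not taken from a real deployment.
SAMPLE_SESSION = {"rp-demo": {"id": "user-4711", "code": "c0de-abc123",
                              "redirect_uri": "https://rp.example/cb"}}
SAMPLE_REQUEST = {"client_id": "rp-demo", "code": "c0de-abc123",
                  "redirect_uri": "https://rp.example/cb"}

def outcome(session, request):
    """Return 'ok' or the rejection reason, for comparing several cases."""
    try:
        validate_token_request(session, request)
        return "ok"
    except TokenRequestRejected as exc:
        return str(exc)
```

Calling `outcome(SAMPLE_SESSION, SAMPLE_REQUEST)` returns "ok"; changing any one of the three parameters yields the corresponding rejection reason.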