// "redirect_uri" is mandatory in OpenID Connect. When it is absent the exception
// is built with null in the position where the later calls pass redirectURI.
// NOTE(review): only presence is checked in this fragment; the value is not
// compared with the client's registered redirect URIs here. Every ParseException
// below carries this request-supplied URI, so confirm it is matched against the
// registration before an error response is redirected to it.
URI redirectURI = ar.getRedirectionURI();

if (redirectURI == null) {
    throw new ParseException("Missing \"redirect_uri\" parameter",
        OAuth2Error.INVALID_REQUEST, clientID, null, state);
}

// The response type must pass OIDCResponseTypeValidator; its
// IllegalArgumentException is translated into a ParseException carrying
// OAuth2Error.UNSUPPORTED_RESPONSE_TYPE.
ResponseType rt = ar.getResponseType();

try {
    OIDCResponseTypeValidator.validate(rt);
} catch (IllegalArgumentException e) {
    // The validator's message is appended to the error description.
    throw new ParseException("Unsupported \"response_type\" parameter: " + e.getMessage(),
        OAuth2Error.UNSUPPORTED_RESPONSE_TYPE,
        clientID, redirectURI, state);
}

// "scope" is mandatory in OpenID Connect and must contain the "openid" value.
Scope scope = ar.getScope();

if (scope == null) {
    throw new ParseException("Missing \"scope\" parameter",
        OAuth2Error.INVALID_REQUEST,
        clientID, redirectURI, state);
}

if (! scope.contains(OIDCScopeValue.OPENID)) {
    throw new ParseException("The scope must include an \"openid\" token",
        OAuth2Error.INVALID_REQUEST,
        clientID, redirectURI, state);
}
// Optional OIDC parameters are read from the raw parameter map from here on.
Nonce nonce = Nonce.parse(params.get("nonce"));

// A nonce is mandatory when the response type implies the implicit flow, where
// the ID token is returned in the authorisation response itself and the nonce
// ties it to this request (replay mitigation).
// Presumably Nonce.parse returns null for a missing value; the null check below
// relies on that.
if (rt.impliesImplicitFlow() && nonce == null) {
    throw new ParseException("Missing \"nonce\" parameter: Required in implicit flow",
        OAuth2Error.INVALID_REQUEST,
        clientID, redirectURI, state);
}

// "display": a value Display.parse rejects becomes an invalid_request error
// with the original exception kept as the cause.
Display display;

try {
    display = Display.parse(params.get("display"));
} catch (ParseException e) {
    throw new ParseException("Invalid \"display\" parameter: " + e.getMessage(),
        OAuth2Error.INVALID_REQUEST,
        clientID, redirectURI, state, e);
}

// "prompt": handled the same way as "display".
Prompt prompt;

try {
    prompt = Prompt.parse(params.get("prompt"));
} catch (ParseException e) {
    throw new ParseException("Invalid \"prompt\" parameter: " + e.getMessage(),
        OAuth2Error.INVALID_REQUEST,
        clientID, redirectURI, state, e);
}
// "max_age": maximum authentication age, parsed as a decimal int.
// maxAge stays 0 when the parameter is absent or blank, and 0 is also a value
// the client can send.
// NOTE(review): code reading maxAge cannot tell "not specified" from an
// explicit max_age=0 (a request for fresh authentication); confirm that case
// is still honoured downstream.
// NOTE(review): Integer.parseInt accepts negative numbers and no range check
// is applied here.
String v = params.get("max_age");

int maxAge = 0;

if (StringUtils.isNotBlank(v)) {

    try {
        maxAge = Integer.parseInt(v);
    } catch (NumberFormatException e) {
        throw new ParseException("Invalid \"max_age\" parameter: " + e.getMessage(),
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, e);
    }
}
// "ui_locales": space-delimited language tags. The list stays null when the
// parameter is absent or blank; a single tag that LangTag.parse rejects fails
// the whole request.
v = params.get("ui_locales");

List<LangTag> uiLocales = null;

if (StringUtils.isNotBlank(v)) {

    uiLocales = new LinkedList<>();

    // StringTokenizer splits on the space character only and skips empty tokens.
    for (StringTokenizer st = new StringTokenizer(v, " "); st.hasMoreTokens(); ) {

        try {
            uiLocales.add(LangTag.parse(st.nextToken()));
        } catch (LangTagException e) {
            throw new ParseException("Invalid \"ui_locales\" parameter: " + e.getMessage(),
                OAuth2Error.INVALID_REQUEST,
                clientID, redirectURI, state, e);
        }
    }
}

// "claims_locales": same format and same handling as "ui_locales".
v = params.get("claims_locales");

List<LangTag> claimsLocales = null;

if (StringUtils.isNotBlank(v)) {

    claimsLocales = new LinkedList<>();

    for (StringTokenizer st = new StringTokenizer(v, " "); st.hasMoreTokens(); ) {

        try {
            claimsLocales.add(LangTag.parse(st.nextToken()));
        } catch (LangTagException e) {
            throw new ParseException("Invalid \"claims_locales\" parameter: " + e.getMessage(),
                OAuth2Error.INVALID_REQUEST,
                clientID, redirectURI, state, e);
        }
    }
}
// "id_token_hint": a previously issued ID token passed back as a hint. It stays
// null when the parameter is absent or blank.
// NOTE(review): JWTParser.parse is the only step applied here, and no signature
// or issuer check is visible in this fragment. Confirm the hint is verified as
// one of this provider's own ID tokens before its subject is trusted.
v = params.get("id_token_hint");

JWT idTokenHint = null;

if (StringUtils.isNotBlank(v)) {

    try {
        idTokenHint = JWTParser.parse(v);
    } catch (java.text.ParseException e) {
        // JWTParser reports java.text.ParseException; wrap it in the protocol-level one.
        throw new ParseException("Invalid \"id_token_hint\" parameter: " + e.getMessage(),
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, e);
    }
}
// "login_hint" is taken from the request as-is, with no parsing or validation,
// and may be null.
// NOTE(review): treat it as untrusted text wherever it is shown in a login page
// or written to logs.
String loginHint = params.get("login_hint");

// "acr_values": space-delimited Authentication Context Class References. Each
// token is wrapped in an ACR without further checks in this fragment; the list
// stays null when the parameter is absent or blank.
v = params.get("acr_values");

List<ACR> acrValues = null;

if (StringUtils.isNotBlank(v)) {

    acrValues = new LinkedList<>();

    for (StringTokenizer st = new StringTokenizer(v, " "); st.hasMoreTokens(); ) {
        acrValues.add(new ACR(st.nextToken()));
    }
}
// "claims": a JSON object naming individual claims to be returned. Text that is
// not a JSON object is rejected with invalid_request; claims stays null when
// the parameter is absent or blank.
v = params.get("claims");

ClaimsRequest claims = null;

if (StringUtils.isNotBlank(v)) {

    JSONObject jsonObject;

    try {
        jsonObject = JSONObjectUtils.parseJSONObject(v);
    } catch (ParseException e) {
        throw new ParseException("Invalid \"claims\" parameter: " + e.getMessage(),
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, e);
    }

    // Parse exceptions silently ignored
    // NOTE(review): per the comment above, members ClaimsRequest.parse cannot
    // interpret appear to be dropped rather than rejected, so a malformed
    // entry would not reach the client as an error. Confirm that is acceptable
    // for essential claims.
    claims = ClaimsRequest.parse(jsonObject);
}
// "request_uri": a reference to a request object that the server is expected to
// retrieve. It stays null when the parameter is absent or blank.
// NOTE(review): only URI syntax is checked here. java.net.URI accepts any
// scheme as well as relative references, so scheme and host restrictions (for
// example https only, or an allow-list of pre-registered request URIs) have to
// be enforced before the server dereferences it. None are visible in this
// fragment.
v = params.get("request_uri");

URI requestURI = null;

if (StringUtils.isNotBlank(v)) {

    try {
        requestURI = new URI(v);
    } catch (URISyntaxException e) {
        throw new ParseException("Invalid \"request_uri\" parameter: " + e.getMessage(),
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, e);
    }
}
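// "request": a request object passed by value as a JWT. It stays null when the
// parameter is absent or blank.
// NOTE(review): JWTParser.parse is the only step applied here, and no signature
// verification or decryption is visible in this fragment. Confirm the object is
// verified against the client's registered keys and algorithm (including how
// unsecured "alg":"none" objects are treated) before its claims are allowed to
// override the plain request parameters.
v = params.get("request");

JWT requestObject = null;

if (StringUtils.isNotBlank(v)) {

    // "request" and "request_uri" must not be present at the same time
    if (requestURI != null) {
        throw new ParseException("Invalid request: Found mutually exclusive \"request\" and \"request_uri\" parameters",
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, null);
    }

    try {
        requestObject = JWTParser.parse(v);
    } catch (java.text.ParseException e) {
        // Name the parameter as it appears on the wire ("request"), consistent
        // with the other error messages; the previous text said "request_object",
        // which is not a request parameter name.
        throw new ParseException("Invalid \"request\" parameter: " + e.getMessage(),
            OAuth2Error.INVALID_REQUEST,
            clientID, redirectURI, state, e);
    }
}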