Extract Validation/Authentication Logic in AuthorizationCodeAuthenticationProcessingFilter #4590

Closed
@rwinch

Description

Summary

There is quite a bit of logic in the AuthorizationCodeAuthenticationProcessingFilter which is considered validation or authentication. For example:

```java
// 1. Provider-reported error (error / error_description / error_uri on the redirect)
ErrorResponseAttributes authorizationError = this.errorResponseConverter.apply(request);
if (authorizationError != null) {
    OAuth2Error oauth2Error = new OAuth2Error(authorizationError.getErrorCode(),
            authorizationError.getDescription(), authorizationError.getUri());
    this.getAuthorizationRequestRepository().removeAuthorizationRequest(request);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
// 2. The returned state must match the one stored for this authorization request
if (!authorizationRequest.getState().equals(state)) {
    OAuth2Error oauth2Error = new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
// 3. The callback must have arrived at the redirect URI of that authorization request
if (!request.getRequestURL().toString().equals(authorizationRequest.getRedirectUri())) {
    OAuth2Error oauth2Error = new OAuth2Error(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE);
    throw new OAuth2AuthenticationException(oauth2Error, oauth2Error.toString());
}
```

We should try to provide a richer Authentication object to the AuthenticationManager and allow it to validate the response entirely.
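The same three checks pulled out of the filter into a stand-alone validator that an AuthenticationProvider could call on a richer Authentication object. This is an added example, not Spring Security's code: the AuthorizationResponse and StoredAuthorizationRequest holders, the ValidationException type and the error-code string values are assumptions, and it uses Java 16+ records.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example (not Spring Security's code): the filter's three checks as one validator.
public final class AuthorizationCodeResponseValidator {

    // Error-code names are from the issue; their string values are assumed here.
    static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
    static final String INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE = "invalid_redirect_uri_parameter";

    // Hypothetical holders: what the filter reads off the redirect request, and the
    // authorization request it stored before redirecting the user agent.
    record AuthorizationResponse(String requestUrl, String state,
                                 String errorCode, String errorDescription, String errorUri) {}
    record StoredAuthorizationRequest(String state, String redirectUri) {}

    static final class ValidationException extends RuntimeException {
        ValidationException(String errorCode, String detail) { super(errorCode + ": " + detail); }
    }

    // Same order as the filter: provider-reported error, then state, then redirect URI.
    static void validate(AuthorizationResponse resp, StoredAuthorizationRequest stored) {
        if (resp.errorCode() != null) {
            throw new ValidationException(resp.errorCode(),
                    resp.errorDescription() + " (" + resp.errorUri() + ")");
        }
        // state binds the callback to the request this client started (anti-CSRF);
        // a constant-time compare avoids leaking how many leading bytes matched.
        byte[] expected = stored.state().getBytes(StandardCharsets.UTF_8);
        byte[] actual = resp.state() == null ? new byte[0] : resp.state().getBytes(StandardCharsets.UTF_8);
        if (!MessageDigest.isEqual(expected, actual)) {
            throw new ValidationException(INVALID_STATE_PARAMETER_ERROR_CODE, "state mismatch");
        }
        // the code must arrive at the redirect URI this request registered, not elsewhere
        if (!stored.redirectUri().equals(resp.requestUrl())) {
            throw new ValidationException(INVALID_REDIRECT_URI_PARAMETER_ERROR_CODE,
                    "expected " + stored.redirectUri() + " but got " + resp.requestUrl());
        }
    }

    public static void main(String[] args) {
        StoredAuthorizationRequest stored =
                new StoredAuthorizationRequest("abc123", "https://client.example/login/oauth2/code/x");
        validate(new AuthorizationResponse(stored.redirectUri(), "abc123", null, null, null), stored);
        try {
            validate(new AuthorizationResponse(stored.redirectUri(), "zzz", null, null, null), stored);
        } catch (ValidationException e) {
            System.out.println(e.getMessage());
        }
    }
}
```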

Metadata

Labels

in: oauth2: An issue in OAuth2 modules (oauth2-core, oauth2-client, oauth2-resource-server, oauth2-jose)
