OIDCTokenRequestValidationValve
Verifies that a call from a relying party is backed by the necessary data created during the initial authentication. The call must have been preceded by a successful OpenID Connect authentication.
NOTE: This valve is important in terms of security!
Example Configuration
{
    "name": "OIDCTokenRequestValidationValve",
    "enabled": "true",
    "config": {
    }
}
- A session must be present in the flow, loaded by prior execution.
- The request must contain the parameters client_id, code and redirect_uri.
- The loaded session must contain an item matching the client_id. Typically, this is generated by the initial authentication.
- Parameter code must match the value with the same name provided by the authentication response in the initial authentication.
- Parameter redirect_uri must match the value with the same name provided by the relying party in the initial authentication.
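
The checks listed above, written out as an added Python sketch; this is not the product's own code. The session layout (a dict keyed by client_id holding code and redirect_uri), the function name and the sample values are assumptions made for illustration.

```python
import hmac

REQUIRED_PARAMS = ("client_id", "code", "redirect_uri")

def validate_token_request(session, params):
    """Return (True, "ok") or (False, reason) for a token request.

    session: dict loaded earlier in the flow, or None. Hypothetical layout:
             {client_id: {"code": ..., "redirect_uri": ...}}
    params:  dict of request parameters sent by the relying party.
    """
    # 1. A session must already be present in the flow.
    if session is None:
        return False, "no session in flow"
    # 2. All three parameters must be present and non-empty.
    for name in REQUIRED_PARAMS:
        if not params.get(name):
            return False, f"missing parameter: {name}"
    # 3. The session must hold an item for this client_id.
    item = session.get(params["client_id"])
    if item is None:
        return False, "no session item for client_id"
    # 4. code must equal the value issued in the authentication response.
    #    This sketch compares in constant time to avoid a timing side channel.
    if not hmac.compare_digest(params["code"].encode(), item["code"].encode()):
        return False, "code mismatch"
    # 5. redirect_uri must be the exact string the relying party sent
    #    initially: no prefix matching and no URL normalisation.
    if params["redirect_uri"] != item["redirect_uri"]:
        return False, "redirect_uri mismatch"
    return True, "ok"

# Constructed sample data (not taken from a real deployment).
SESSION = {"rp-portal": {"code": "c0de-1234",
                         "redirect_uri": "https://rp.example/cb"}}
GOOD = {"client_id": "rp-portal", "code": "c0de-1234",
        "redirect_uri": "https://rp.example/cb"}

if __name__ == "__main__":
    print(validate_token_request(SESSION, GOOD))
    # A code replayed with a different redirect_uri is rejected.
    print(validate_token_request(
        SESSION, {**GOOD, "redirect_uri": "https://rp.example/cb/extra"}))
    # A code presented under another client_id is rejected.
    print(validate_token_request(SESSION, {**GOOD, "client_id": "other-rp"}))
```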