Function validateAuthorizationCode

validateAuthorizationCode(
    __namedParameters: validateAuthorizationCodeParams,
    config: DecryptConfig,
): Promise<
    {
        authorization_code: string;
        code_challenge: string
        | undefined;
        code_challenge_method: string | undefined;
        scope: string;
        sub: string;
    },
>
Decrypts and validates authorization code payload before token exchange.

Why (Security)
Strict code validation blocks forged or stale code exchange attempts.

Specifications
- RFC 6749 (OAuth 2.0 Authorization Framework) Section 4.1.3, token request with authorization code
- RFC 6749 (OAuth 2.0 Authorization Framework) Section 4.1.2, code semantics
- RFC 7636 (Proof Key for Code Exchange by OAuth Public Clients) Section 4.5, PKCE validation prerequisites
Parameters
- __namedParameters: validateAuthorizationCodeParams
- config: DecryptConfig
Returns Promise<
    {
        authorization_code: string;
        code_challenge: string
        | undefined;
        code_challenge_method: string | undefined;
        scope: string;
        sub: string;
    },
>
- Defined in packages/server-core/src/statements/validations/validateAuthorizationCode.ts:24