Function validateRequestUri

validateRequestUri(
    __namedParameters: validateRequestUriParams,
    config: DecryptConfig,
): Promise<
    {
        authorization_request: {
            client_id: string
            | undefined;
            code_challenge: string | undefined;
            code_challenge_method: string | undefined;
            issuer_state: string | undefined;
            redirect_uri: string;
            response_type: string;
            scope: string | undefined;
            state: string | undefined;
        };
        request_uri: string;
    },
>
Validates request_uri format and decrypts authorization request object content.

Why (Security)
request_uri validation prevents unauthorized request object injection and mixups.

Specifications
- RFC 9126 (OAuth 2.0 Pushed Authorization Requests), request_uri lifecycle in PAR
- RFC 6749 (OAuth 2.0 Authorization Framework) Section 4.1.1, authorization request parameter set
- JWT-secured authorization request object validation
Parameters
- __namedParameters: validateRequestUriParams
- config: DecryptConfig
Returns Promise<
    {
        authorization_request: {
            client_id: string
            | undefined;
            code_challenge: string | undefined;
            code_challenge_method: string | undefined;
            issuer_state: string | undefined;
            redirect_uri: string;
            response_type: string;
            scope: string | undefined;
            state: string | undefined;
        };
        request_uri: string;
    },
>
- Defined in packages/server-core/src/statements/validations/validateRequestUri.ts:23

Function validateRequestUri

Why (Security)

Specifications

Parameters

Settings

On This Page