vck-openid/at.asitplus.wallet.lib.oauth2/AuthorizationServiceStrategy

AuthorizationServiceStrategy

interface AuthorizationServiceStrategy(source)

Strategy to implement authorization for credential requests (with scope or OpenIdAuthorizationDetails) in SimpleAuthorizationService.

Inheritors

CredentialAuthorizationServiceStrategy

Functions

allCredentialIdentifier

abstract fun allCredentialIdentifier(): Collection<String>

Return all valid credential identifiers for all schemes.

filterScope

abstract fun filterScope(scope: String): String?

Filter the requested scope in the access token request to ones valid for credential issuance

matchAuthorizationDetails

abstract fun matchAuthorizationDetails(authRequest: ClientAuthRequest, tokenRequest: TokenRequestParameters): Set<AuthorizationDetails>

RFC9396. (Ch. 6 paraphrased) Check if TokenRequestParameters.authorizationDetails in tokenRequest have at most the same scope or are implied by ClientAuthRequest.authnDetails in authRequest.

validateAuthorizationDetails

abstract fun validateAuthorizationDetails(authorizationDetails: Collection<AuthorizationDetails>): Set<AuthorizationDetails>

RFC9396. The AS MUST refuse to process any unknown authorization details type or authorization details not conforming to the respective type definition. The AS MUST abort processing and respond with an error invalid_authorization_details to the client if any of the following are true of the objects in the authorizationDetails structure:

validAuthorizationDetails

abstract fun validAuthorizationDetails(): Collection<AuthorizationDetails>

Return all valid authorization details for pre-authorized codes, that the client may use in token requests

validScopes

abstract fun validScopes(): String

Return all valid scopes for pre-authorized codes, that the client may use in token requests