Package com.nimbusds.oauth2.sdk.client

Class RedirectURIValidator

java.lang.Object

com.nimbusds.oauth2.sdk.client.RedirectURIValidator

public final class RedirectURIValidator
extends Object

Redirection URI validator.

Field Summary

Fields

Modifier and Type	Field	Description
static final Set<String>	PROHIBITED_REDIRECT_URI_QUERY_PARAMETER_NAMES	Prohibited redirect_uri query parameters.
static final Set<String>	PROHIBITED_REDIRECT_URI_SCHEMES	Prohibited redirect_uri schemes.

Method Summary

Modifier and Type	Method	Description
static void	ensureLegal(URI redirectURI)	Ensures the specified redirection URI is legal.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

PROHIBITED_REDIRECT_URI_SCHEMES

public static final Set<String> PROHIBITED_REDIRECT_URI_SCHEMES

Prohibited redirect_uri schemes. See https://security.lauritz-holtmann.de/post/sso-security-redirect-uri/.

PROHIBITED_REDIRECT_URI_QUERY_PARAMETER_NAMES

public static final Set<String> PROHIBITED_REDIRECT_URI_QUERY_PARAMETER_NAMES

Prohibited redirect_uri query parameters. See "OAuth 2.0 Redirect URI Validation Falls Short, Literally", by Tommaso Innocenti, Matteo Golinelli, Kaan Onarlioglu, Bruno Crispo, Engin Kirda. Presented at OAuth Security Workshop 2023.

Method Details

ensureLegal

public static void ensureLegal(URI redirectURI)

Ensures the specified redirection URI is legal.

The URI:

• Must not contain fragment;
• Must not have a prohibited URI scheme;
• Must not have a prohibited query parameter.

Parameters:

redirectURI - The redirect URI to check, null if not specified.

Throws:

IllegalArgumentException - If the redirection URI is illegal.