PingGateway

FapiAuthorizeFilterChain

A filter chain to validate authorize requests and make sure they produce OAuth 2.0 clients that comply with the following FAPI specifications:

Put this filter before other filters to reject requests that would result in creating an OAuth 2.0 client that doesn’t comply with the FAPI specifications.

Usage

{
    "name": string,
    "type": "FapiAuthorizeFilterChain",
    "config": {
        "forwardedHost": string,
        "apiClientService": ApiClientService reference,
        "auditService": AuditService reference
    }
}

Properties

"forwardedHost": string, required

The forwarded host added to the endpoint request.

"apiClientService": ApiClientService reference, required

The ApiClientService to retrieve the API client, such as an IdmApiClientService.

"auditService": AuditService reference, optional

The AuditService to record audit events. Provide either the name of an AuditService object defined in the heap or an inline AuditService configuration object.

Default: No audit service.

Example

{
    "name": "fapiAuthorizeFilterChain",
    "type": "FapiAuthorizeFilterChain",
    "config": {
        "forwardedHost" : "&{as.fqdn}"
    }
}