FapiAuthorizeFilterChain

A filter chain to validate authorize requests and make sure they produce OAuth 2.0 clients that comply with the following FAPI specifications:

Put this filter before other filters to reject requests that would result in creating an OAuth 2.0 client that doesn’t comply with the FAPI specifications.

Usage

{
    "name": string,
    "type": "FapiAuthorizeFilterChain",
    "config": {
        "forwardedHost": string,
        "apiClientService": ApiClientService reference,
        "auditService": AuditService reference
    }
}

Properties

"forwardedHost": string, required: The forwarded host added to the endpoint request.
"apiClientService": ApiClientService reference, required: The ApiClientService to retrieve the API client, such as an IdmApiClientService.
"auditService": AuditService reference, optional: The AuditService to record audit events. Provide either the name of an AuditService object defined in the heap or an inline AuditService configuration object.

Default: No audit service.

Example

{
    "name": "fapiAuthorizeFilterChain",
    "type": "FapiAuthorizeFilterChain",
    "config": {
        "forwardedHost" : "&{as.fqdn}"
    }
}

More information

org.forgerock.openig.fapi.authorization.authorize.FapiAuthorizeFilterChainHeaplet