MCPcopy
hub / github.com/zitadel/oidc / ValidateAccessTokenRequest

Function ValidateAccessTokenRequest

pkg/op/token_code.go:51–69  ·  view source on GitHub ↗

ValidateAccessTokenRequest validates the token request parameters including authorization check of the client and returns the previous created auth request corresponding to the auth code

(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger)

Source from the content-addressed store, hash-verified

49// ValidateAccessTokenRequest validates the token request parameters including authorization check of the client
50// and returns the previous created auth request corresponding to the auth code
51func ValidateAccessTokenRequest(ctx context.Context, tokenReq *oidc.AccessTokenRequest, exchanger Exchanger) (AuthRequest, Client, error) {
52 ctx, span := Tracer.Start(ctx, "ValidateAccessTokenRequest")
53 defer span.End()
54
55 authReq, client, err := AuthorizeCodeClient(ctx, tokenReq, exchanger)
56 if err != nil {
57 return nil, nil, err
58 }
59 if client.GetID() != authReq.GetClientID() {
60 return nil, nil, oidc.ErrInvalidGrant()
61 }
62 if !ValidateGrantType(client, oidc.GrantTypeCode) {
63 return nil, nil, oidc.ErrUnauthorizedClient().WithDescription("client missing grant type " + string(oidc.GrantTypeCode))
64 }
65 if tokenReq.RedirectURI != authReq.GetRedirectURI() {
66 return nil, nil, oidc.ErrInvalidGrant().WithDescription("redirect_uri does not correspond")
67 }
68 return authReq, client, nil
69}
70
71// AuthorizeCodeClient checks the authorization of the client and that the used method was the one previously registered.
72// It than returns the auth request corresponding to the auth code

Callers 1

CodeExchangeFunction · 0.85

Calls 8

AuthorizeCodeClientFunction · 0.85
ValidateGrantTypeFunction · 0.85
StartMethod · 0.80
EndMethod · 0.80
WithDescriptionMethod · 0.80
GetIDMethod · 0.65
GetClientIDMethod · 0.65
GetRedirectURIMethod · 0.65

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…