java.lang.Object
- net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
- - org.opensaml.profile.action.AbstractProfileAction
  - - org.opensaml.profile.action.AbstractConditionalProfileAction
    - - net.shibboleth.idp.profile.AbstractProfileAction
      - net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction<com.nimbusds.openid.connect.sdk.AuthenticationRequest>
        
        net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationRequestAction
        
        net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
        
        net.shibboleth.idp.plugin.oidc.op.profile.impl.ValidateCodeChallenge

All Implemented Interfaces:

Component, DestructableComponent, InitializableComponent, ProfileAction, Aware, MessageSource, MessageSourceAware, Action
```
public class ValidateCodeChallenge
extends AbstractOIDCAuthenticationResponseAction
```
Validates the presence of PKCE code challenge parameter from the incoming authentication request.

Field Summary

Fields
Modifier and Type	Field	Description
`private Predicate<ProfileRequestContext>`	`allowPKCEPlainCondition`	Strategy used to determine whether to allow plaintext PKCE.
`private String`	`codeChallenge`	PKCE code challenge.
`private Function<ProfileRequestContext,String>`	`codeChallengeLookupStrategy`	Strategy used to locate the code challenge.
`private String`	`codeChallengeMethod`	PKCE code challenge method.
`private Function<ProfileRequestContext,String>`	`codeChallengeMethodLookupStrategy`	Strategy used to locate the code challenge method.
`private boolean`	`forcePKCE`	Whether PKCE is mandatory.
`private Predicate<ProfileRequestContext>`	`forcePKCECondition`	Strategy used to determine whether to require PKCE.
`private org.slf4j.Logger`	`log`	Class logger.
`private boolean`	`plainPKCE`	Whether plain PKCE is allowed.

Constructor Summary

Constructors
Constructor Description

ValidateCodeChallenge()
Constructor.

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method	Description
`protected void`	`doExecute(ProfileRequestContext profileRequestContext)`
`protected boolean`	`doPreExecute(ProfileRequestContext profileRequestContext)`
`void`	`setAllowPKCEPlainCondition(Predicate<ProfileRequestContext> condition)`	Set the condition used to determine whether to allow plaintext PKCE.
`void`	`setCodeChallengeLookupStrategy(Function<ProfileRequestContext,String> strategy)`	Set the strategy used to locate the Code Challenge of the request.
`void`	`setCodeChallengeMethodLookupStrategy(Function<ProfileRequestContext,String> strategy)`	Set the strategy used to locate the Code Challenge Method of the request.
`void`	`setForcePKCECondition(Predicate<ProfileRequestContext> condition)`	Set the condition used to determine whether to require PKCE.

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction
getMetadataContext, getOidcResponseContext

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationRequestAction
getAuthenticationRequest

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction
getRequest

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction
doExecute, execute, getMessage, getMessage, getMessage, getProfileContextLookupStrategy, getRequestContext, getResult, setMessageSource, setProfileContextLookupStrategy

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction
getActivationCondition, setActivationCondition

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction
doPostExecute, doPostExecute, execute, getHttpServletRequest, getHttpServletResponse, getLogPrefix, setHttpServletRequest, setHttpServletResponse

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent
destroy, doDestroy, doInitialize, initialize, isDestroyed, isInitialized

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent
initialize, isInitialized

Field Detail

log
```
@Nonnull
private org.slf4j.Logger log
```
Class logger.

forcePKCECondition

@Nonnull
private Predicate<ProfileRequestContext> forcePKCECondition

Strategy used to determine whether to require PKCE.

allowPKCEPlainCondition
```
@Nonnull
private Predicate<ProfileRequestContext> allowPKCEPlainCondition
```
Strategy used to determine whether to allow plaintext PKCE.

codeChallengeLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> codeChallengeLookupStrategy

Strategy used to locate the code challenge.

codeChallengeMethodLookupStrategy

@Nonnull
private Function<ProfileRequestContext,String> codeChallengeMethodLookupStrategy

Strategy used to locate the code challenge method.

forcePKCE
```
private boolean forcePKCE
```
Whether PKCE is mandatory.

plainPKCE
```
private boolean plainPKCE
```
Whether plain PKCE is allowed.

codeChallenge
```
@Nullable
private String codeChallenge
```
PKCE code challenge.

codeChallengeMethod

@Nullable
private String codeChallengeMethod

PKCE code challenge method.

Constructor Detail
- ValidateCodeChallenge
```
public ValidateCodeChallenge()
```
  Constructor.

Method Detail

setForcePKCECondition

public void setForcePKCECondition(@Nonnull
                                  Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to require PKCE.

Parameters:: condition - condition to apply

setAllowPKCEPlainCondition

public void setAllowPKCEPlainCondition(@Nonnull
                                       Predicate<ProfileRequestContext> condition)

Set the condition used to determine whether to allow plaintext PKCE.

Parameters:: condition - condition to apply

setCodeChallengeLookupStrategy

public void setCodeChallengeLookupStrategy(@Nonnull
                                           Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the Code Challenge of the request.

Parameters:: strategy - lookup strategy

setCodeChallengeMethodLookupStrategy

public void setCodeChallengeMethodLookupStrategy(@Nonnull
                                                 Function<ProfileRequestContext,String> strategy)

Set the strategy used to locate the Code Challenge Method of the request.

Parameters:: strategy - lookup strategy

doPreExecute

protected boolean doPreExecute(@Nonnull
                               ProfileRequestContext profileRequestContext)

Overrides:: doPreExecute in class AbstractOIDCAuthenticationResponseAction

doExecute

protected void doExecute(@Nonnull
                         ProfileRequestContext profileRequestContext)

Overrides:: doExecute in class AbstractProfileAction

Class ValidateCodeChallenge

Field Summary

Constructor Summary

Method Summary

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationResponseAction

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCAuthenticationRequestAction

Methods inherited from class net.shibboleth.idp.plugin.oidc.op.profile.impl.AbstractOIDCRequestAction

Methods inherited from class net.shibboleth.idp.profile.AbstractProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractConditionalProfileAction

Methods inherited from class org.opensaml.profile.action.AbstractProfileAction

Methods inherited from class net.shibboleth.utilities.java.support.component.AbstractInitializableComponent

Methods inherited from class java.lang.Object

Methods inherited from interface net.shibboleth.utilities.java.support.component.InitializableComponent

Field Detail

log

forcePKCECondition

allowPKCEPlainCondition

codeChallengeLookupStrategy

codeChallengeMethodLookupStrategy

forcePKCE

plainPKCE

codeChallenge