Commit

Merge pull request #275 from JanssenProject/yuriyz_253
fix: pkce check has to be done after request object validation (FAPI OB)
yuriyz authored Oct 19, 2021
2 parents c08cda3 + 5af05cd commit ec859b6
Showing 1 changed file with 1 addition and 1 deletion.
Expand Up @@ -133,7 +133,6 @@ public Response requestPushedAuthorizationRequest(
redirectUriResponse.setFapiCompatible(appConfiguration.isFapi());

parValidator.validateRequestUriIsAbsent(requestUri);
authorizeRestWebServiceValidator.validatePkce(codeChallenge, redirectUriResponse);

final Integer parLifetime = client.getAttributes().getParLifetime();

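Review bot: Removing the validatePkce call that followed parValidator.validateRequestUriIsAbsent(requestUri) means everything from the parLifetime lookup down to the new call site now runs for requests that will later be rejected on PKCE. Please confirm that nothing in that span has side effects that should not occur for a rejected request, and add a test with a pushed authorization request that fails the PKCE check so the new ordering is pinned down.
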
Expand Down Expand Up @@ -167,6 +166,7 @@ public Response requestPushedAuthorizationRequest(
par.getAttributes().setCustomParameters(requestParameterService.getCustomParameters(QueryStringDecoder.decode(httpRequest.getQueryString())));

parValidator.validateRequestObject(redirectUriResponse, par, client);
authorizeRestWebServiceValidator.validatePkce(codeChallenge, redirectUriResponse);

parService.persist(par);

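Review bot: The relocated call after parValidator.validateRequestObject(redirectUriResponse, par, client) still passes the local codeChallenge, which validateRequestObject cannot change because it only receives redirectUriResponse, par and client. If the reordering is meant to take the request object's contents into account, check that codeChallenge is reassigned earlier in the method, or pass the value held on par instead. A one-line comment here stating that PKCE must be validated after the request object and before parService.persist(par) would also keep the call from being moved back later.
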