Move PAR request validation logic before authenticaiton validation

wso2 · Nov 13, 2024 · 1c66202 · 1c66202
1 parent 287d591
commit 1c66202
Showing 1 changed file with 11 additions and 11 deletions.
diff --git a/...o2/openbanking/accelerator/push/authorization/endpoint/api/PushAuthorisationEndpoint.java b/...o2/openbanking/accelerator/push/authorization/endpoint/api/PushAuthorisationEndpoint.java
@@ -95,16 +95,6 @@ public Response parPost(@Context HttpServletRequest request, @Context HttpServle
         OAuthClientAuthnContext clientAuthnContext = (OAuthClientAuthnContext)
                 request.getAttribute(CLIENT_AUTHENTICATION_CONTEXT);
 
-        // Check if the client authentication is successful
-        if (!clientAuthnContext.isAuthenticated()) {
-            // create error response
-            PushAuthErrorResponse errorResponse = pushAuthRequestValidator
-                    .createErrorResponse(HttpServletResponse.SC_UNAUTHORIZED,
-                            clientAuthnContext.getErrorCode(), clientAuthnContext.getErrorMessage());
-            return Response.status(errorResponse.getHttpStatusCode())
-                    .entity(errorResponse.getPayload()).build();
-        }
-
         try {
             paramMap = pushAuthRequestValidator.validateParams(request, (Map<String, List<String>>) parameterMap);
         } catch (PushAuthRequestValidatorException exception) {
@@ -113,7 +103,17 @@ public Response parPost(@Context HttpServletRequest request, @Context HttpServle
                     .createErrorResponse(exception.getHttpStatusCode(), exception.getErrorCode(),
                             exception.getErrorDescription());
             return Response.status(errorResponse.getHttpStatusCode() != 0 ?
-                    errorResponse.getHttpStatusCode() : exception.getHttpStatusCode())
+                            errorResponse.getHttpStatusCode() : exception.getHttpStatusCode())
+                    .entity(errorResponse.getPayload()).build();
+        }
+
+        // Check if the client authentication is successful
+        if (!clientAuthnContext.isAuthenticated()) {
+            // create error response
+            PushAuthErrorResponse errorResponse = pushAuthRequestValidator
+                    .createErrorResponse(HttpServletResponse.SC_UNAUTHORIZED,
+                            clientAuthnContext.getErrorCode(), clientAuthnContext.getErrorMessage());
+            return Response.status(errorResponse.getHttpStatusCode())
                     .entity(errorResponse.getPayload()).build();
         }