In the org.wso2.carbon.identity.openidconnect.RequestObjectValidatorImpl class, the validateRequestObject method validates the request object and, if there is an issue with it, throws a RequestObjectException. If request object validation succeeds and an object of the RequestObject class is created, the oAuth2Parameters are overridden by the params inside the requestObject using the overrideAuthzParameters method in the org.wso2.carbon.identity.oauth.endpoint.authz.OAuth2AuthzEndpoint class. However, if the validateRequestObject method throws an exception, the requestObject is not created and the params inside the request object are not taken into consideration (not overridden to oAuth2Parameters).
This becomes an issue for FAPI compliance [1] of JARM.
If response_mode is sent only inside the request object and request object validation fails, there is no way of selecting a responseModeProvider, since response_mode is not set in oAuth2Parameters. Therefore, even if response_mode=jwt is sent inside the request object, it is not possible to pick the JwtResponseModeProvider and send the redirect_url in JWT format. Due to this, some FAPI-JARM tests are failing.
Some failing tests:
fapi1-advanced-final-ensure-request-object-without-exp-fails,
fapi1-advanced-final-ensure-request-object-without-nbf-fails,
fapi1-advanced-final-ensure-request-object-without-scope-fails
etc.
Therefore, in the JARM case, we need to get response_mode before validating the request object.
References:
[1] FAPI conformance suite integration git issue: #16630
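The ordering problem described in the issue, as an added stand-alone illustration (this is not WSO2 code and does not use the RequestObjectValidatorImpl or OAuth2AuthzEndpoint APIs; the class and function names below, the HS256 keys, the client registration and the sample request object are all constructed for the example). The authorization endpoint first peeks at the unverified request-object payload to learn response_mode, then runs validation; when validation fails on a request object that carries response_mode=jwt (and, for instance, no exp, as in the ensure-request-object-without-exp-fails test), the error is still returned as a signed JARM response rather than as plain query parameters. The one thing the example deliberately does not take from the unverified payload is the destination: the redirect_uri is checked against the client's registered URIs before anything is sent, so trusting an unverified response_mode only changes how the error is encoded, never where it goes.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed sample data. Assumption: HS256 with shared secrets is used only to keep
# the example self-contained; a real AS would verify the client's request object
# against the client's JWKS and sign the JARM response with its own asymmetric key.
CLIENT_ID = "fapi-client"
CLIENT_KEY = b"client-shared-secret"
AS_KEY = b"authorization-server-secret"
AS_ISSUER = "https://as.example/oauth2/token"
REGISTERED_REDIRECT_URIS = {"https://client.example/cb"}


class RequestObjectException(Exception):
    """Raised when the request object fails validation."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_jwt(claims: dict, key: bytes) -> str:
    """Compact HS256 JWS, used for both the client's request object and the AS's JARM response."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"


def peek_claims(jwt: str) -> dict:
    """Decode the payload WITHOUT verifying the signature.
    Only response_mode is read from this; no other unverified claim is trusted."""
    try:
        return json.loads(_b64url_decode(jwt.split(".")[1]))
    except (IndexError, ValueError):
        return {}


def verify_jwt(jwt: str, key: bytes) -> dict:
    parts = jwt.split(".")
    if len(parts) != 3:
        raise RequestObjectException("malformed request object")
    expected = hmac.new(key, f"{parts[0]}.{parts[1]}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(parts[2])):
        raise RequestObjectException("request object signature invalid")
    return json.loads(_b64url_decode(parts[1]))


def validate_request_object(jwt: str, now: int) -> dict:
    """Signature check plus the presence checks the failing conformance tests exercise."""
    claims = verify_jwt(jwt, CLIENT_KEY)
    for required in ("exp", "nbf", "scope", "redirect_uri"):
        if required not in claims:
            raise RequestObjectException(f"request object is missing '{required}'")
    if claims["nbf"] > now or claims["exp"] <= now:
        raise RequestObjectException("request object is outside its validity window")
    return claims


def select_response_mode(query: dict, peeked: dict) -> str:
    # The request-object value wins over the query parameter; default to "query".
    return peeked.get("response_mode") or query.get("response_mode") or "query"


def authorize(query: dict, now=None) -> dict:
    """Decide how the result is delivered. The ordering is the point of the example:
    response_mode is chosen from the unverified payload before validation runs."""
    now = int(time.time()) if now is None else now
    redirect_uri = query.get("redirect_uri")
    # Destination is bound to registration, never to the request object contents.
    if redirect_uri not in REGISTERED_REDIRECT_URIS:
        return {"delivery": "direct", "error": "invalid_request", "redirect_uri": None}
    request_jwt = query.get("request", "")
    response_mode = select_response_mode(query, peek_claims(request_jwt))
    try:
        claims = validate_request_object(request_jwt, now)
    except RequestObjectException as exc:
        if response_mode == "jwt":
            jarm = sign_jwt({"iss": AS_ISSUER, "aud": CLIENT_ID, "exp": now + 60,
                             "error": "invalid_request_object",
                             "error_description": str(exc)}, AS_KEY)
            return {"delivery": "jarm", "response_mode": response_mode,
                    "redirect_uri": redirect_uri, "response": jarm}
        return {"delivery": "plain", "response_mode": response_mode,
                "redirect_uri": redirect_uri, "error": "invalid_request_object"}
    return {"delivery": "success", "response_mode": response_mode, "scope": claims["scope"]}


# Constructed request: the request object lacks 'exp' and carries response_mode=jwt,
# and response_mode appears nowhere in the query string (the case from the issue).
NOW = 1_700_000_000
REQUEST_WITHOUT_EXP = sign_jwt({"iss": CLIENT_ID, "aud": AS_ISSUER, "nbf": NOW - 10,
                                "scope": "openid accounts",
                                "redirect_uri": "https://client.example/cb",
                                "response_mode": "jwt"}, CLIENT_KEY)
QUERY = {"client_id": CLIENT_ID, "redirect_uri": "https://client.example/cb",
         "request": REQUEST_WITHOUT_EXP}

if __name__ == "__main__":
    print(json.dumps(authorize(QUERY, NOW), indent=2))
```

Running the module prints a "jarm" delivery whose response is a JWT signed by the AS with error=invalid_request_object; the same request handled in the validate-first order would never reach a JWT response mode provider, because the only response_mode is inside the request object that was just rejected.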
This issue is being closed due to extended inactivity. Please feel free to reopen it if further attention is needed. Thank you for helping us keep the issue list relevant and focused!