All Downloads are FREE. Search and download functionalities are using the official Maven repository.

com.authlete.common.dto.AuthorizationFailRequest Maven / Gradle / Ivy

/*
 * Copyright (C) 2014-2022 Authlete, Inc.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package com.authlete.common.dto;


import java.io.Serializable;


/**
 * Request to Authlete's {@code /auth/authorization/fail} API.
 *
 * 
*
*
ticket (REQUIRED)
*
*

* The ticket issued by Authlete's {@code /auth/authorization} API * to the service implementation. It is the value of {@code "ticket"} * contained in the response from Authlete's {@code * /auth/authorization} API ({@link AuthorizationResponse}). *

*
* *
reason (REQUIRED)
*
*

* The reason of the failure of the authorization request. * See the description of {@link AuthorizationResponse} as to which * reason should be chosen. *

*
*
*
* * @see AuthorizationResponse * * @author Takahiko Kawasaki */ public class AuthorizationFailRequest implements Serializable { private static final long serialVersionUID = 3L; /** * Failure reasons of authorization requests. */ public enum Reason { /** * Unknown reason. * *

* Using this reason will result in {@code error=server_error}. *

*/ UNKNOWN, /** * The authorization request from the client application contained * {@code prompt=none}, but any end-user has not logged in. * *

* See "OpenID Connect Core 1.0, 3.1.2.1. Authentication Request" * for {@code prompt} request parameter. *

* *

* Using this reason will result in {@code error=login_required}. *

* * @see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request */ NOT_LOGGED_IN, /** * The authorization request from the client application contained * {@code max_age} parameter with a non-zero value or the client's * configuration has a non-zero value for {@code default_max_age} * configuration parameter, but the service implementation cannot * behave properly based on the max age value mainly because the * service implementation does not manage authentication time of * end-users. * *

* See "OpenID Connect Core 1.0, 3.1.2.1. Authentication Request" * for {@code max_age} request parameter. *

* *

* See "OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata" * for {@code default_max_age} configuration parameter. *

* *

* Using this reason will result in {@code error=login_required}. *

* * @see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request * * @see OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata */ MAX_AGE_NOT_SUPPORTED, /** * The authorization request from the client application contained * {@code prompt=none}, but the time specified by {@code max_age} * request parameter or by {@code default_max_age} configuration * parameter has passed since the time at which the end-user logged * in. * *

* See "OpenID Connect Core 1.0, 3.1.2.1. Authentication Request" * for {@code prompt} and {@code max_age} request parameters. *

* *

* See "OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata" * for {@code default_max_age} configuration parameter. *

* *

* Using this reason will result in {@code error=login_required}. *

* * @see OpenID Connect Core 1.0, 3.1.2.1. Authentication Request * * @see OpenID Connect Dynamic Client Registration 1.0, 2. Client Metadata */ EXCEEDS_MAX_AGE, /** * The authorization request from the client application requested * a specific value for {@code sub} claim, but the current end-user * (in the case of {@code prompt=none}) or the end-user after the * authentication is different from the specified value. * *

* Using this reason will result in {@code error=login_required}. *

*/ DIFFERENT_SUBJECT, /** * The authorization request from the client application contained * {@code "acr"} claim in {@code "claims"} request parameter and * the claim was marked as essential, but the ACR performed for the * end-user does not match any one of the requested ACRs. * *

* Using this reason will result in {@code error=login_required} * when the version of your Authlete server is 2.2 or older. * Otherwise, this reason will result in * {@code error=unmet_authentication_requirements}. See "OpenID Connect Core Error Code unmet_authentication_requirements" * for details about {@code unmet_authentication_requirements}. *

* * @see OpenID Connect Core Error Code unmet_authentication_requirements */ ACR_NOT_SATISFIED, /** * The end-user denied the authorization request from the client * application. * *

* Using this reason will result in {@code error=access_denied}. *

*/ DENIED, /** * Server error. * *

* Using this reason will result in {@code error=server_error}. *

* * @since 1.3 */ SERVER_ERROR, /** * The end-user was not authenticated. * *

* Using this reason will result in {@code error=login_required}. *

* * @since 1.3 */ NOT_AUTHENTICATED, /** * The authorization server cannot obtain an account selection choice * made by the end-user. * *

* Using this reason will result in {@code error=account_selection_required}. *

* * @since 2.11 */ ACCOUNT_SELECTION_REQUIRED, /** * The authorization server cannot obtain consent from the end-user. * *

* Using this reason will result in {@code error=consent_required}. *

* * @since 2.11 */ CONSENT_REQUIRED, /** * The authorization server needs interaction with the end-user. * *

* Using this reason will result in {@code error=interaction_required}. *

* * @since 2.11 */ INTERACTION_REQUIRED, /** * The requested resource is invalid, missing, unknown, or malformed. * See "Resource Indicators for OAuth 2.0" for details. * *

* Using this reason will result in {@code error=invalid_target}. *

* * @since 2.62 */ INVALID_TARGET, } /** * The ticket issued by Authlete's /auth/authorization API. */ private String ticket; /** * The reason of the failure. */ private Reason reason; /** * The custom description about the failure. */ private String description; /** * Get the value of {@code "ticket"} which is the ticket * issued by Authlete's {@code /auth/authorization} API * to the service implementation. * * @return * The ticket. */ public String getTicket() { return ticket; } /** * Set the value of {@code "ticket"} which is the ticket * issued by Authlete's {@code /auth/authorization} API * to the service implementation. * * @param ticket * The ticket. * * @return * {@code this} object. */ public AuthorizationFailRequest setTicket(String ticket) { this.ticket = ticket; return this; } /** * Get the value of {@code "reason"} which is the reason * of the failure of the authorization request. * * @return * The reason of the failure. */ public Reason getReason() { return reason; } /** * Set the value of {@code "reason"} which is the reason * of the failure of the authorization request. * * @param reason * The reason of the failure. * * @return * {@code this} object. */ public AuthorizationFailRequest setReason(Reason reason) { this.reason = reason; return this; } /** * Get the custom description about the authorization failure. * * @return * The custom description. * * @since 1.3 */ public String getDescription() { return description; } /** * Set the custom description about the authorization failure. * * @param description * The custom description. * * @return * {@code this} object. * * @since 1.3 */ public AuthorizationFailRequest setDescription(String description) { this.description = description; return this; } }




© 2015 - 2025 Weber Informatics LLC | Privacy Policy