• Home
• com.nimbusds
• oauth2-oidc-sdk
• 11.18
• source code
• OAuth2Error.java

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

com.nimbusds.oauth2.sdk.OAuth2Error Maven / Gradle / Ivy

/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.oauth2.sdk;


import com.nimbusds.oauth2.sdk.http.HTTPResponse;


/**
 * Standard OAuth 2.0 authorisation and token endpoint errors.
 *
 * 
The set HTTP status code is ignored for authorisation errors passed by
 * HTTP redirection. Errors that are only used by at the authorisation endpoint
 * are supplied with a matching HTTP status code in case they are used in a
 * different context.
 */
public final class OAuth2Error {


	// Common OAuth 2.0 authorisation errors

	/**
	 * The {@link OAuth2Error#INVALID_REQUEST} error code string.
	 */
	public static final String INVALID_REQUEST_CODE = "invalid_request";

	/**
	 * The request is missing a required parameter, includes an invalid 
	 * parameter, or is otherwise malformed.
	 */
	public static final ErrorObject INVALID_REQUEST = 
		new ErrorObject(INVALID_REQUEST_CODE, "Invalid request", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#UNAUTHORIZED_CLIENT} error code string.
	 */
	public static final String UNAUTHORIZED_CLIENT_CODE = "unauthorized_client";

	/**
	 * The client is not authorised to request an authorisation code using 
	 * this method.
	 */
	public static final ErrorObject UNAUTHORIZED_CLIENT =
		new ErrorObject(UNAUTHORIZED_CLIENT_CODE, "Unauthorized client", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#ACCESS_DENIED} error code string.
	 */
	public static final String ACCESS_DENIED_CODE = "access_denied";

	/**
	 * The resource owner or authorisation server denied the request.
	 */
	public static final ErrorObject ACCESS_DENIED =
		new ErrorObject(ACCESS_DENIED_CODE, "Access denied by resource owner or authorization server", HTTPResponse.SC_FORBIDDEN);

	/**
	 * The {@link OAuth2Error#UNSUPPORTED_RESPONSE_TYPE} error code string.
	 */
	public static final String UNSUPPORTED_RESPONSE_TYPE_CODE = "unsupported_response_type";

	/**
	 * The authorisation server does not support obtaining an authorisation 
	 * code using this method.
	 */
	public static final ErrorObject UNSUPPORTED_RESPONSE_TYPE =
		new ErrorObject(UNSUPPORTED_RESPONSE_TYPE_CODE, "Unsupported response type", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#INVALID_SCOPE} error code string.
	 */
	public static final String INVALID_SCOPE_CODE = "invalid_scope";

	/**
	 * The requested scope is invalid, unknown, or malformed.
	 */
	public static final ErrorObject INVALID_SCOPE =
		new ErrorObject(INVALID_SCOPE_CODE, "Invalid, unknown or malformed scope", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#INVALID_AUTHORIZATION_DETAILS} error code
	 * string.
	 */
	public static final String INVALID_AUTHORIZATION_DETAILS_CODE = "invalid_authorization_details";

	/**
	 * The requested authorisation details are invalid, unknown, or
	 * malformed.
	 */
	public static final ErrorObject INVALID_AUTHORIZATION_DETAILS =
		new ErrorObject(INVALID_AUTHORIZATION_DETAILS_CODE, "Invalid, unknown or malformed authorization details", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#SERVER_ERROR} error code string.
	 */
	public static final String SERVER_ERROR_CODE = "server_error";

	/**
	 * The authorisation server encountered an unexpected condition which 
	 * prevented it from fulfilling the request.
	 */
	public static final ErrorObject SERVER_ERROR =
		new ErrorObject(SERVER_ERROR_CODE, "Unexpected server error", HTTPResponse.SC_SERVER_ERROR);

	/**
	 * The {@link OAuth2Error#TEMPORARILY_UNAVAILABLE} error code string.
	 */
	public static final String TEMPORARILY_UNAVAILABLE_CODE = "temporarily_unavailable";

	/**
	 * The authorisation server is currently unable to handle the request 
	 * due to a temporary overloading or maintenance of the server.
	 */
	public static final ErrorObject TEMPORARILY_UNAVAILABLE =
		new ErrorObject(TEMPORARILY_UNAVAILABLE_CODE, "The authorization server is temporarily unavailable", HTTPResponse.SC_SERVICE_UNAVAILABLE);
	
	
	// Token, Base OAuth 2.0 authorisation errors, section 5.2
	/**
	 * The {@link OAuth2Error#INVALID_CLIENT} error code string.
	 */
	public static final String INVALID_CLIENT_CODE = "invalid_client";

	/**
	 * Client authentication failed (e.g. unknown client, no client 
	 * authentication included, or unsupported authentication method).
	 */
	public static final ErrorObject INVALID_CLIENT =
		new ErrorObject(INVALID_CLIENT_CODE, "Client authentication failed", HTTPResponse.SC_UNAUTHORIZED);

	/**
	 * The {@link OAuth2Error#INVALID_GRANT} error code string.
	 */
	public static final String INVALID_GRANT_CODE = "invalid_grant";

	/**
	 * The provided authorisation grant (e.g. authorisation code, resource 
	 * owner credentials) or refresh token is invalid, expired, revoked, 
	 * does not match the redirection URI used in the authorization request,
	 * or was issued to another client.
	 */
	public static final ErrorObject INVALID_GRANT =
		new ErrorObject(INVALID_GRANT_CODE, "Invalid grant", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#UNSUPPORTED_GRANT_TYPE} error code string.
	 */
	public static final String UNSUPPORTED_GRANT_TYPE_CODE = "unsupported_grant_type";

	/**
	 * The authorisation grant type is not supported by the authorisation 
	 * server.
	 */
	public static final ErrorObject UNSUPPORTED_GRANT_TYPE =
		new ErrorObject(UNSUPPORTED_GRANT_TYPE_CODE, "Unsupported grant type", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#INVALID_REQUEST_URI} error code string.
	 */
	public static final String INVALID_REQUEST_URI_CODE = "invalid_request_uri";

	/**
	 * The {@code request_uri} in the {@link AuthorizationRequest}
	 * returns an error or invalid data.
	 */
	public static final ErrorObject INVALID_REQUEST_URI =
		new ErrorObject(INVALID_REQUEST_URI_CODE, "Invalid request URI", HTTPResponse.SC_FOUND);

	/**
	 * The {@link OAuth2Error#INVALID_REQUEST_OBJECT} error code string.
	 */
	public static final String INVALID_REQUEST_OBJECT_CODE = "invalid_request_object";

	/**
	 * The {@code request} parameter in the {@link AuthorizationRequest}
	 * contains an invalid request object.
	 */
	public static final ErrorObject	INVALID_REQUEST_OBJECT =
		new ErrorObject(INVALID_REQUEST_OBJECT_CODE, "Invalid request JWT", HTTPResponse.SC_FOUND);

	/**
	 * The {@link OAuth2Error#REQUEST_URI_NOT_SUPPORTED} error code string.
	 */
	public static final String REQUEST_URI_NOT_SUPPORTED_CODE = "request_uri_not_supported";

	/**
	 * The {@code request_uri} parameter in the
	 * {@link AuthorizationRequest} is not supported.
	 */
	public static final ErrorObject REQUEST_URI_NOT_SUPPORTED =
		new ErrorObject(REQUEST_URI_NOT_SUPPORTED_CODE, "Request URI parameter not supported", HTTPResponse.SC_FOUND);

	/**
	 * The {@link OAuth2Error#REQUEST_NOT_SUPPORTED} error code string.
	 */
	public static final String REQUEST_NOT_SUPPORTED_CODE = "request_not_supported";

	/**
	 * The {@code request} parameter in the {@link AuthorizationRequest} is
	 * not supported.
	 */
	public static final ErrorObject REQUEST_NOT_SUPPORTED =
		new ErrorObject(REQUEST_NOT_SUPPORTED_CODE, "Request parameter not supported", HTTPResponse.SC_FOUND);

	/**
	 * The {@link OAuth2Error#INVALID_RESOURCE} error code string.
	 * @see #INVALID_TARGET_CODE
	 */
	@Deprecated
	public static final String INVALID_RESOURCE_CODE = "invalid_resource";

	/**
	 * The specified resource server URI is not valid or accepted by the
	 * authorisation server. @see #INVALID_TARGET
	 */
	@Deprecated
	public static final ErrorObject INVALID_RESOURCE =
		new ErrorObject(INVALID_RESOURCE_CODE, "Invalid or unaccepted resource", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#INVALID_RESOURCE} error code string.
	 */
	public static final String INVALID_TARGET_CODE = "invalid_target";

	
	/**
	 * The specified resource server URI is not valid or accepted by the
	 * authorisation server.
	 */
	public static final ErrorObject INVALID_TARGET =
		new ErrorObject(INVALID_TARGET_CODE, "Invalid or unaccepted resource", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#OVERBROAD_SCOPE} error code string.
	 */
	public static final String OVERBROAD_SCOPE_CODE = "overbroad_scope";

	/**
	 * The scope of the request is considered overbroad by the
	 * authorisation server.
	 */
	public static final ErrorObject OVERBROAD_SCOPE =
		new ErrorObject(OVERBROAD_SCOPE_CODE, "Overbroad scope", HTTPResponse.SC_BAD_REQUEST);
	
	
	/**
	 * The {@link OAuth2Error#USE_DPOP_NONCE} error code string.
	 */
	public static final String INVALID_DPOP_PROOF_CODE = "invalid_dpop_proof";
	
	
	/**
	 * The DPoP proof received by the authorisation server is invalid.
	 */
	public static final ErrorObject INVALID_DPOP_PROOF =
		new ErrorObject(INVALID_DPOP_PROOF_CODE, "Invalid DPoP proof", HTTPResponse.SC_BAD_REQUEST);
	
	
	/**
	 * The {@link OAuth2Error#USE_DPOP_NONCE} error code string.
	 */
	public static final String USE_DPOP_NONCE_CODE = "use_dpop_nonce";
	
	
	/**
	 * Use of DPoP nonce required.
	 */
	public static final ErrorObject USE_DPOP_NONCE =
		new ErrorObject(USE_DPOP_NONCE_CODE, "Use of DPoP nonce required");
	
	
	// OpenID Connect Federation 1.0

	/**
	 * The {@link OAuth2Error#MISSING_TRUST_ANCHOR} error code string.
	 */
	public static final String MISSING_TRUST_ANCHOR_CODE = "missing_trust_anchor";

	/**
	 * No trusted anchor could be found to process an OpenID Connect
	 * Federation 1.0 authorisation request using automatic client
	 * registration.
	 */
	public static final ErrorObject MISSING_TRUST_ANCHOR =
		new ErrorObject(MISSING_TRUST_ANCHOR_CODE, "No trusted anchor could be found", HTTPResponse.SC_BAD_REQUEST);

	/**
	 * The {@link OAuth2Error#VALIDATION_FAILED} error code string.
	 */
	public static final String VALIDATION_FAILED_CODE = "validation_failed";

	/**
	 * The trust chain validation for an OpenID Connect Federation 1.0
	 * authorisation request using automatic client registration failed.
	 */
	public static final ErrorObject VALIDATION_FAILED =
		new ErrorObject(VALIDATION_FAILED_CODE, "Trust chain validation failed", HTTPResponse.SC_BAD_REQUEST);
	
	
	/**
	 * The {@link OAuth2Error#UNSUPPORTED_PARAMETER} error code string.
	 */
	public static final String UNSUPPORTED_PARAMETER_CODE = "unsupported_parameter";
	
	
	/**
	 * Unsupported parameter.
	 */
	public static final ErrorObject UNSUPPORTED_PARAMETER =
		new ErrorObject(UNSUPPORTED_PARAMETER_CODE, "Unsupported parameter", HTTPResponse.SC_BAD_REQUEST);
	
	
	/**
	 * Prevents public instantiation.
	 */
	private OAuth2Error() { }
}