001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.oauth2.sdk; 019 020 021import com.nimbusds.oauth2.sdk.http.HTTPResponse; 022 023 024/** 025 * Standard OAuth 2.0 authorisation and token endpoint errors. 026 * 027 * <p>The set HTTP status code is ignored for authorisation errors passed by 028 * HTTP redirection. Errors that are only used by at the authorisation endpoint 029 * are supplied with a matching HTTP status code in case they are used in a 030 * different context. 031 */ 032public final class OAuth2Error { 033 034 035 // Common OAuth 2.0 authorisation errors 036 037 /** 038 * The {@link OAuth2Error#INVALID_REQUEST} error code string. 039 */ 040 public static final String INVALID_REQUEST_CODE = "invalid_request"; 041 042 /** 043 * The request is missing a required parameter, includes an invalid 044 * parameter, or is otherwise malformed. 045 */ 046 public static final ErrorObject INVALID_REQUEST = 047 new ErrorObject(INVALID_REQUEST_CODE, "Invalid request", HTTPResponse.SC_BAD_REQUEST); 048 049 /** 050 * The {@link OAuth2Error#UNAUTHORIZED_CLIENT} error code string. 051 */ 052 public static final String UNAUTHORIZED_CLIENT_CODE = "unauthorized_client"; 053 054 /** 055 * The client is not authorised to request an authorisation code using 056 * this method. 057 */ 058 public static final ErrorObject UNAUTHORIZED_CLIENT = 059 new ErrorObject(UNAUTHORIZED_CLIENT_CODE, "Unauthorized client", HTTPResponse.SC_BAD_REQUEST); 060 061 /** 062 * The {@link OAuth2Error#ACCESS_DENIED} error code string. 063 */ 064 public static final String ACCESS_DENIED_CODE = "access_denied"; 065 066 /** 067 * The resource owner or authorisation server denied the request. 068 */ 069 public static final ErrorObject ACCESS_DENIED = 070 new ErrorObject(ACCESS_DENIED_CODE, "Access denied by resource owner or authorization server", HTTPResponse.SC_FORBIDDEN); 071 072 /** 073 * The {@link OAuth2Error#UNSUPPORTED_RESPONSE_TYPE} error code string. 074 */ 075 public static final String UNSUPPORTED_RESPONSE_TYPE_CODE = "unsupported_response_type"; 076 077 /** 078 * The authorisation server does not support obtaining an authorisation 079 * code using this method. 080 */ 081 public static final ErrorObject UNSUPPORTED_RESPONSE_TYPE = 082 new ErrorObject(UNSUPPORTED_RESPONSE_TYPE_CODE, "Unsupported response type", HTTPResponse.SC_BAD_REQUEST); 083 084 /** 085 * The {@link OAuth2Error#INVALID_SCOPE} error code string. 086 */ 087 public static final String INVALID_SCOPE_CODE = "invalid_scope"; 088 089 /** 090 * The requested scope is invalid, unknown, or malformed. 091 */ 092 public static final ErrorObject INVALID_SCOPE = 093 new ErrorObject(INVALID_SCOPE_CODE, "Invalid, unknown or malformed scope", HTTPResponse.SC_BAD_REQUEST); 094 095 /** 096 * The {@link OAuth2Error#INVALID_AUTHORIZATION_DETAILS} error code 097 * string. 098 */ 099 public static final String INVALID_AUTHORIZATION_DETAILS_CODE = "invalid_authorization_details"; 100 101 /** 102 * The requested authorisation details are invalid, unknown, or 103 * malformed. 104 */ 105 public static final ErrorObject INVALID_AUTHORIZATION_DETAILS = 106 new ErrorObject(INVALID_AUTHORIZATION_DETAILS_CODE, "Invalid, unknown or malformed authorization details", HTTPResponse.SC_BAD_REQUEST); 107 108 /** 109 * The {@link OAuth2Error#SERVER_ERROR} error code string. 110 */ 111 public static final String SERVER_ERROR_CODE = "server_error"; 112 113 /** 114 * The authorisation server encountered an unexpected condition which 115 * prevented it from fulfilling the request. 116 */ 117 public static final ErrorObject SERVER_ERROR = 118 new ErrorObject(SERVER_ERROR_CODE, "Unexpected server error", HTTPResponse.SC_SERVER_ERROR); 119 120 /** 121 * The {@link OAuth2Error#TEMPORARILY_UNAVAILABLE} error code string. 122 */ 123 public static final String TEMPORARILY_UNAVAILABLE_CODE = "temporarily_unavailable"; 124 125 /** 126 * The authorisation server is currently unable to handle the request 127 * due to a temporary overloading or maintenance of the server. 128 */ 129 public static final ErrorObject TEMPORARILY_UNAVAILABLE = 130 new ErrorObject(TEMPORARILY_UNAVAILABLE_CODE, "The authorization server is temporarily unavailable", HTTPResponse.SC_SERVICE_UNAVAILABLE); 131 132 133 // Token, Base OAuth 2.0 authorisation errors, section 5.2 134 /** 135 * The {@link OAuth2Error#INVALID_CLIENT} error code string. 136 */ 137 public static final String INVALID_CLIENT_CODE = "invalid_client"; 138 139 /** 140 * Client authentication failed (e.g. unknown client, no client 141 * authentication included, or unsupported authentication method). 142 */ 143 public static final ErrorObject INVALID_CLIENT = 144 new ErrorObject(INVALID_CLIENT_CODE, "Client authentication failed", HTTPResponse.SC_UNAUTHORIZED); 145 146 /** 147 * The {@link OAuth2Error#INVALID_GRANT} error code string. 148 */ 149 public static final String INVALID_GRANT_CODE = "invalid_grant"; 150 151 /** 152 * The provided authorisation grant (e.g. authorisation code, resource 153 * owner credentials) or refresh token is invalid, expired, revoked, 154 * does not match the redirection URI used in the authorization request, 155 * or was issued to another client. 156 */ 157 public static final ErrorObject INVALID_GRANT = 158 new ErrorObject(INVALID_GRANT_CODE, "Invalid grant", HTTPResponse.SC_BAD_REQUEST); 159 160 /** 161 * The {@link OAuth2Error#UNSUPPORTED_GRANT_TYPE} error code string. 162 */ 163 public static final String UNSUPPORTED_GRANT_TYPE_CODE = "unsupported_grant_type"; 164 165 /** 166 * The authorisation grant type is not supported by the authorisation 167 * server. 168 */ 169 public static final ErrorObject UNSUPPORTED_GRANT_TYPE = 170 new ErrorObject(UNSUPPORTED_GRANT_TYPE_CODE, "Unsupported grant type", HTTPResponse.SC_BAD_REQUEST); 171 172 /** 173 * The {@link OAuth2Error#INVALID_REQUEST_URI} error code string. 174 */ 175 public static final String INVALID_REQUEST_URI_CODE = "invalid_request_uri"; 176 177 /** 178 * The {@code request_uri} in the {@link AuthorizationRequest} 179 * returns an error or invalid data. 180 */ 181 public static final ErrorObject INVALID_REQUEST_URI = 182 new ErrorObject(INVALID_REQUEST_URI_CODE, "Invalid request URI", HTTPResponse.SC_FOUND); 183 184 /** 185 * The {@link OAuth2Error#INVALID_REQUEST_OBJECT} error code string. 186 */ 187 public static final String INVALID_REQUEST_OBJECT_CODE = "invalid_request_object"; 188 189 /** 190 * The {@code request} parameter in the {@link AuthorizationRequest} 191 * contains an invalid request object. 192 */ 193 public static final ErrorObject INVALID_REQUEST_OBJECT = 194 new ErrorObject(INVALID_REQUEST_OBJECT_CODE, "Invalid request JWT", HTTPResponse.SC_FOUND); 195 196 /** 197 * The {@link OAuth2Error#REQUEST_URI_NOT_SUPPORTED} error code string. 198 */ 199 public static final String REQUEST_URI_NOT_SUPPORTED_CODE = "request_uri_not_supported"; 200 201 /** 202 * The {@code request_uri} parameter in the 203 * {@link AuthorizationRequest} is not supported. 204 */ 205 public static final ErrorObject REQUEST_URI_NOT_SUPPORTED = 206 new ErrorObject(REQUEST_URI_NOT_SUPPORTED_CODE, "Request URI parameter not supported", HTTPResponse.SC_FOUND); 207 208 /** 209 * The {@link OAuth2Error#REQUEST_NOT_SUPPORTED} error code string. 210 */ 211 public static final String REQUEST_NOT_SUPPORTED_CODE = "request_not_supported"; 212 213 /** 214 * The {@code request} parameter in the {@link AuthorizationRequest} is 215 * not supported. 216 */ 217 public static final ErrorObject REQUEST_NOT_SUPPORTED = 218 new ErrorObject(REQUEST_NOT_SUPPORTED_CODE, "Request parameter not supported", HTTPResponse.SC_FOUND); 219 220 /** 221 * The {@link OAuth2Error#INVALID_RESOURCE} error code string. 222 * @see #INVALID_TARGET_CODE 223 */ 224 @Deprecated 225 public static final String INVALID_RESOURCE_CODE = "invalid_resource"; 226 227 /** 228 * The specified resource server URI is not valid or accepted by the 229 * authorisation server. @see #INVALID_TARGET 230 */ 231 @Deprecated 232 public static final ErrorObject INVALID_RESOURCE = 233 new ErrorObject(INVALID_RESOURCE_CODE, "Invalid or unaccepted resource", HTTPResponse.SC_BAD_REQUEST); 234 235 /** 236 * The {@link OAuth2Error#INVALID_RESOURCE} error code string. 237 */ 238 public static final String INVALID_TARGET_CODE = "invalid_target"; 239 240 241 /** 242 * The specified resource server URI is not valid or accepted by the 243 * authorisation server. 244 */ 245 public static final ErrorObject INVALID_TARGET = 246 new ErrorObject(INVALID_TARGET_CODE, "Invalid or unaccepted resource", HTTPResponse.SC_BAD_REQUEST); 247 248 /** 249 * The {@link OAuth2Error#OVERBROAD_SCOPE} error code string. 250 */ 251 public static final String OVERBROAD_SCOPE_CODE = "overbroad_scope"; 252 253 /** 254 * The scope of the request is considered overbroad by the 255 * authorisation server. 256 */ 257 public static final ErrorObject OVERBROAD_SCOPE = 258 new ErrorObject(OVERBROAD_SCOPE_CODE, "Overbroad scope", HTTPResponse.SC_BAD_REQUEST); 259 260 261 /** 262 * The {@link OAuth2Error#USE_DPOP_NONCE} error code string. 263 */ 264 public static final String INVALID_DPOP_PROOF_CODE = "invalid_dpop_proof"; 265 266 267 /** 268 * The DPoP proof received by the authorisation server is invalid. 269 */ 270 public static final ErrorObject INVALID_DPOP_PROOF = 271 new ErrorObject(INVALID_DPOP_PROOF_CODE, "Invalid DPoP proof", HTTPResponse.SC_BAD_REQUEST); 272 273 274 /** 275 * The {@link OAuth2Error#USE_DPOP_NONCE} error code string. 276 */ 277 public static final String USE_DPOP_NONCE_CODE = "use_dpop_nonce"; 278 279 280 /** 281 * Use of DPoP nonce required. 282 */ 283 public static final ErrorObject USE_DPOP_NONCE = 284 new ErrorObject(USE_DPOP_NONCE_CODE, "Use of DPoP nonce required"); 285 286 287 // OpenID Connect Federation 1.0 288 289 /** 290 * The {@link OAuth2Error#MISSING_TRUST_ANCHOR} error code string. 291 */ 292 public static final String MISSING_TRUST_ANCHOR_CODE = "missing_trust_anchor"; 293 294 /** 295 * No trusted anchor could be found to process an OpenID Connect 296 * Federation 1.0 authorisation request using automatic client 297 * registration. 298 */ 299 public static final ErrorObject MISSING_TRUST_ANCHOR = 300 new ErrorObject(MISSING_TRUST_ANCHOR_CODE, "No trusted anchor could be found", HTTPResponse.SC_BAD_REQUEST); 301 302 /** 303 * The {@link OAuth2Error#VALIDATION_FAILED} error code string. 304 */ 305 public static final String VALIDATION_FAILED_CODE = "validation_failed"; 306 307 /** 308 * The trust chain validation for an OpenID Connect Federation 1.0 309 * authorisation request using automatic client registration failed. 310 */ 311 public static final ErrorObject VALIDATION_FAILED = 312 new ErrorObject(VALIDATION_FAILED_CODE, "Trust chain validation failed", HTTPResponse.SC_BAD_REQUEST); 313 314 315 /** 316 * The {@link OAuth2Error#UNSUPPORTED_PARAMETER} error code string. 317 */ 318 public static final String UNSUPPORTED_PARAMETER_CODE = "unsupported_parameter"; 319 320 321 /** 322 * Unsupported parameter. 323 */ 324 public static final ErrorObject UNSUPPORTED_PARAMETER = 325 new ErrorObject(UNSUPPORTED_PARAMETER_CODE, "Unsupported parameter", HTTPResponse.SC_BAD_REQUEST); 326 327 328 /** 329 * Prevents public instantiation. 330 */ 331 private OAuth2Error() { } 332}