Source code

001package com.nimbusds.openid.connect.sdk;
002
003
004import com.nimbusds.oauth2.sdk.ErrorObject;
005import com.nimbusds.oauth2.sdk.http.HTTPResponse;
006
007
008/**
009 * OpenID Connect specific errors.
010 *
011 * <p>Related specifications:
012 *
013 * <ul>
014 *     <li>OpenID Connect Core 1.0, section 3.1.2.6.
015 * </ul>
016 */
017public final class OIDCError {
018
019        
020        // Authentication endpoint
021        
022        /**
023         * The authorisation server requires end-user interaction of some form 
024         * to proceed. This error may be returned when the {@link Prompt} 
025         * parameter in the {@link AuthenticationRequest} is set to
026         * {@link Prompt.Type#NONE none} to request that the authorisation 
027         * server should not display any user interfaces to the end-user, but 
028         * the {@link AuthenticationRequest} cannot be completed without
029         * displaying a user interface for end-user interaction.
030         */
031        public static final ErrorObject INTERACTION_REQUIRED =
032                new ErrorObject("interaction_required", "User interaction required", HTTPResponse.SC_FOUND);
033
034        /**
035         * The authorisation server requires end-user authentication. This 
036         * error may be returned when the prompt parameter in the 
037         * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE}
038         * to request that the authorisation server should not display any user 
039         * interfaces to the end-user, but the {@link AuthenticationRequest}
040         * cannot be completed without displaying a user interface for user 
041         * authentication.
042         */
043        public static final ErrorObject LOGIN_REQUIRED =
044                new ErrorObject("login_required", "Login required", HTTPResponse.SC_FOUND);
045
046        
047        /**
048         * The end-user is required to select a session at the authorisation 
049         * server. The end-user may be authenticated at the authorisation 
050         * server with different associated accounts, but the end-user did not 
051         * select a session. This error may be returned when the prompt 
052         * parameter in the {@link AuthenticationRequest} is set to
053         * {@link Prompt.Type#NONE} to request that the authorisation server 
054         * should not display any user interfaces to the end-user, but the 
055         * {@link AuthenticationRequest} cannot be completed without
056         * displaying a user interface to prompt for a session to use.
057         */
058        public static final ErrorObject ACCOUNT_SELECTION_REQUIRED =
059                new ErrorObject("account_selection_required", "Session selection required", HTTPResponse.SC_FOUND);
060
061        
062        /**
063         * The authorisation server requires end-user consent. This error may 
064         * be returned when the prompt parameter in the 
065         * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE}
066         * to request that the authorisation server should not display any 
067         * user interfaces to the end-user, but the 
068         * {@link AuthenticationRequest} cannot be completed without
069         * displaying a user interface for end-user consent.
070         */
071        public static final ErrorObject CONSENT_REQUIRED =
072                new ErrorObject("consent_required", "Consent required", HTTPResponse.SC_FOUND);
073
074
075        /**
076         * The {@code request_uri} in the {@link AuthenticationRequest}
077         * returns an error or invalid data.
078         */
079        public static final ErrorObject INVALID_REQUEST_URI =
080                new ErrorObject("invalid_request_uri", "Invalid request URI", HTTPResponse.SC_FOUND);
081
082        
083        /**
084         * The {@code request} parameter in the {@link AuthenticationRequest}
085         * contains an invalid OpenID Connect request object.
086         */
087        public static final ErrorObject INVALID_REQUEST_OBJECT =
088                new ErrorObject("invalid_request_object", "Invalid OpenID Connect request object", HTTPResponse.SC_FOUND);
089
090        
091        /**
092         * The {@code registration} parameter in the 
093         * {@link AuthenticationRequest} is not supported. Applies only to
094         * self-issued OpenID providers.
095         */
096        public static final ErrorObject REGISTRATION_NOT_SUPPORTED =
097                new ErrorObject("registration_not_supported", "Registration parameter not supported", HTTPResponse.SC_FOUND);
098        
099        
100        /**
101         * The {@code request} parameter in the 
102         * {@link AuthenticationRequest} is not supported.
103         */
104        public static final ErrorObject REQUEST_NOT_SUPPORTED =
105                new ErrorObject("request_not_supported", "Request parameter not supported", HTTPResponse.SC_FOUND);
106        
107        
108        /**
109         * The {@code request_uri} parameter in the 
110         * {@link AuthenticationRequest} is not supported.
111         */
112        public static final ErrorObject REQUEST_URI_NOT_SUPPORTED =
113                new ErrorObject("request_uri_not_supported", "Request URI parameter not supported", HTTPResponse.SC_FOUND);
114
115        
116        /**
117         * Prevents public instantiation.
118         */
119        private OIDCError() { }
120}