001package com.nimbusds.openid.connect.sdk; 002 003 004import com.nimbusds.oauth2.sdk.ErrorObject; 005import com.nimbusds.oauth2.sdk.http.HTTPResponse; 006 007 008/** 009 * OpenID Connect specific errors. 010 * 011 * <p>Related specifications: 012 * 013 * <ul> 014 * <li>OpenID Connect Core 1.0, section 3.1.2.6. 015 * </ul> 016 */ 017public final class OIDCError { 018 019 020 // Authentication endpoint 021 022 /** 023 * The authorisation server requires end-user interaction of some form 024 * to proceed. This error may be returned when the {@link Prompt} 025 * parameter in the {@link AuthenticationRequest} is set to 026 * {@link Prompt.Type#NONE none} to request that the authorisation 027 * server should not display any user interfaces to the end-user, but 028 * the {@link AuthenticationRequest} cannot be completed without 029 * displaying a user interface for end-user interaction. 030 */ 031 public static final ErrorObject INTERACTION_REQUIRED = 032 new ErrorObject("interaction_required", "User interaction required", HTTPResponse.SC_FOUND); 033 034 /** 035 * The authorisation server requires end-user authentication. This 036 * error may be returned when the prompt parameter in the 037 * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE} 038 * to request that the authorisation server should not display any user 039 * interfaces to the end-user, but the {@link AuthenticationRequest} 040 * cannot be completed without displaying a user interface for user 041 * authentication. 042 */ 043 public static final ErrorObject LOGIN_REQUIRED = 044 new ErrorObject("login_required", "Login required", HTTPResponse.SC_FOUND); 045 046 047 /** 048 * The end-user is required to select a session at the authorisation 049 * server. The end-user may be authenticated at the authorisation 050 * server with different associated accounts, but the end-user did not 051 * select a session. This error may be returned when the prompt 052 * parameter in the {@link AuthenticationRequest} is set to 053 * {@link Prompt.Type#NONE} to request that the authorisation server 054 * should not display any user interfaces to the end-user, but the 055 * {@link AuthenticationRequest} cannot be completed without 056 * displaying a user interface to prompt for a session to use. 057 */ 058 public static final ErrorObject ACCOUNT_SELECTION_REQUIRED = 059 new ErrorObject("account_selection_required", "Session selection required", HTTPResponse.SC_FOUND); 060 061 062 /** 063 * The authorisation server requires end-user consent. This error may 064 * be returned when the prompt parameter in the 065 * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE} 066 * to request that the authorisation server should not display any 067 * user interfaces to the end-user, but the 068 * {@link AuthenticationRequest} cannot be completed without 069 * displaying a user interface for end-user consent. 070 */ 071 public static final ErrorObject CONSENT_REQUIRED = 072 new ErrorObject("consent_required", "Consent required", HTTPResponse.SC_FOUND); 073 074 075 /** 076 * The {@code request_uri} in the {@link AuthenticationRequest} 077 * returns an error or invalid data. 078 */ 079 public static final ErrorObject INVALID_REQUEST_URI = 080 new ErrorObject("invalid_request_uri", "Invalid request URI", HTTPResponse.SC_FOUND); 081 082 083 /** 084 * The {@code request} parameter in the {@link AuthenticationRequest} 085 * contains an invalid OpenID Connect request object. 086 */ 087 public static final ErrorObject INVALID_REQUEST_OBJECT = 088 new ErrorObject("invalid_request_object", "Invalid OpenID Connect request object", HTTPResponse.SC_FOUND); 089 090 091 /** 092 * The {@code registration} parameter in the 093 * {@link AuthenticationRequest} is not supported. Applies only to 094 * self-issued OpenID providers. 095 */ 096 public static final ErrorObject REGISTRATION_NOT_SUPPORTED = 097 new ErrorObject("registration_not_supported", "Registration parameter not supported", HTTPResponse.SC_FOUND); 098 099 100 /** 101 * The {@code request} parameter in the 102 * {@link AuthenticationRequest} is not supported. 103 */ 104 public static final ErrorObject REQUEST_NOT_SUPPORTED = 105 new ErrorObject("request_not_supported", "Request parameter not supported", HTTPResponse.SC_FOUND); 106 107 108 /** 109 * The {@code request_uri} parameter in the 110 * {@link AuthenticationRequest} is not supported. 111 */ 112 public static final ErrorObject REQUEST_URI_NOT_SUPPORTED = 113 new ErrorObject("request_uri_not_supported", "Request URI parameter not supported", HTTPResponse.SC_FOUND); 114 115 116 /** 117 * Prevents public instantiation. 118 */ 119 private OIDCError() { } 120}