001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.oauth2.sdk; 019 020 021import com.nimbusds.oauth2.sdk.http.HTTPResponse; 022 023 024/** 025 * Standard OAuth 2.0 authorisation and token endpoint errors. 026 * 027 * <p>The set HTTP status code is ignored for authorisation errors passed by 028 * HTTP redirection. Errors that are only used by at the authorisation endpoint 029 * are supplied with a matching HTTP status code in case they are used in a 030 * different context. 031 */ 032public final class OAuth2Error { 033 034 035 // Common OAuth 2.0 authorisation errors 036 037 /** 038 * The request is missing a required parameter, includes an invalid 039 * parameter, or is otherwise malformed. 040 */ 041 public static final ErrorObject INVALID_REQUEST = 042 new ErrorObject("invalid_request", "Invalid request", HTTPResponse.SC_BAD_REQUEST); 043 044 045 /** 046 * The client is not authorised to request an authorisation code using 047 * this method. 048 */ 049 public static final ErrorObject UNAUTHORIZED_CLIENT = 050 new ErrorObject("unauthorized_client", "Unauthorized client", HTTPResponse.SC_BAD_REQUEST); 051 052 053 /** 054 * The resource owner or authorisation server denied the request. 055 */ 056 public static final ErrorObject ACCESS_DENIED = 057 new ErrorObject("access_denied", "Access denied by resource owner or authorization server", HTTPResponse.SC_FORBIDDEN); 058 059 060 /** 061 * The authorisation server does not support obtaining an authorisation 062 * code using this method. 063 */ 064 public static final ErrorObject UNSUPPORTED_RESPONSE_TYPE = 065 new ErrorObject("unsupported_response_type", "Unsupported response type", HTTPResponse.SC_BAD_REQUEST); 066 067 068 /** 069 * The requested scope is invalid, unknown, or malformed. 070 */ 071 public static final ErrorObject INVALID_SCOPE = 072 new ErrorObject("invalid_scope", "Invalid, unknown or malformed scope", HTTPResponse.SC_BAD_REQUEST); 073 074 075 /** 076 * The authorisation server encountered an unexpected condition which 077 * prevented it from fulfilling the request. 078 */ 079 public static final ErrorObject SERVER_ERROR = 080 new ErrorObject("server_error", "Unexpected server error", HTTPResponse.SC_SERVER_ERROR); 081 082 083 /** 084 * The authorisation server is currently unable to handle the request 085 * due to a temporary overloading or maintenance of the server. 086 */ 087 public static final ErrorObject TEMPORARILY_UNAVAILABLE = 088 new ErrorObject("temporarily_unavailable", "The authorization server is temporarily unavailable", HTTPResponse.SC_SERVICE_UNAVAILABLE); 089 090 091 // Token, Base OAuth 2.0 authorisation errors, section 5.2 092 093 /** 094 * Client authentication failed (e.g. unknown client, no client 095 * authentication included, or unsupported authentication method). 096 */ 097 public static final ErrorObject INVALID_CLIENT = 098 new ErrorObject("invalid_client", "Client authentication failed", HTTPResponse.SC_UNAUTHORIZED); 099 100 101 /** 102 * The provided authorisation grant (e.g. authorisation code, resource 103 * owner credentials) or refresh token is invalid, expired, revoked, 104 * does not match the redirection URI used in the authorization request, 105 * or was issued to another client. 106 */ 107 public static final ErrorObject INVALID_GRANT = 108 new ErrorObject("invalid_grant", "Invalid grant", HTTPResponse.SC_BAD_REQUEST); 109 110 111 /** 112 * The authorisation grant type is not supported by the authorisation 113 * server. 114 */ 115 public static final ErrorObject UNSUPPORTED_GRANT_TYPE = 116 new ErrorObject("unsupported_grant_type", "Unsupported grant type", HTTPResponse.SC_BAD_REQUEST); 117 118 119 /** 120 * The {@code request_uri} in the {@link AuthorizationRequest} 121 * returns an error or invalid data. 122 */ 123 public static final ErrorObject INVALID_REQUEST_URI = 124 new ErrorObject("invalid_request_uri", "Invalid request URI", HTTPResponse.SC_FOUND); 125 126 127 /** 128 * The {@code request} parameter in the {@link AuthorizationRequest} 129 * contains an invalid request object. 130 */ 131 public static final ErrorObject INVALID_REQUEST_OBJECT = 132 new ErrorObject("invalid_request_object", "Invalid request JWT", HTTPResponse.SC_FOUND); 133 134 135 /** 136 * The {@code request_uri} parameter in the 137 * {@link AuthorizationRequest} is not supported. 138 */ 139 public static final ErrorObject REQUEST_URI_NOT_SUPPORTED = 140 new ErrorObject("request_uri_not_supported", "Request URI parameter not supported", HTTPResponse.SC_FOUND); 141 142 143 /** 144 * The {@code request} parameter in the {@link AuthorizationRequest} is 145 * not supported. 146 */ 147 public static final ErrorObject REQUEST_NOT_SUPPORTED = 148 new ErrorObject("request_not_supported", "Request parameter not supported", HTTPResponse.SC_FOUND); 149 150 151 /** 152 * The specified resource server URI is not valid or accepted by the 153 * authorisation server. 154 */ 155 public static final ErrorObject INVALID_RESOURCE = 156 new ErrorObject("invalid_resource", "Invalid or unaccepted resource", HTTPResponse.SC_BAD_REQUEST); 157 158 159 /** 160 * Prevents public instantiation. 161 */ 162 private OAuth2Error() { } 163}