001/* 002 * oauth2-oidc-sdk 003 * 004 * Copyright 2012-2016, Connect2id Ltd and contributors. 005 * 006 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use 007 * this file except in compliance with the License. You may obtain a copy of the 008 * License at 009 * 010 * http://www.apache.org/licenses/LICENSE-2.0 011 * 012 * Unless required by applicable law or agreed to in writing, software distributed 013 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR 014 * CONDITIONS OF ANY KIND, either express or implied. See the License for the 015 * specific language governing permissions and limitations under the License. 016 */ 017 018package com.nimbusds.openid.connect.sdk; 019 020 021import com.nimbusds.oauth2.sdk.ErrorObject; 022import com.nimbusds.oauth2.sdk.http.HTTPResponse; 023 024 025/** 026 * OpenID Connect specific errors. 027 * 028 * <p>Related specifications: 029 * 030 * <ul> 031 * <li>OpenID Connect Core 1.0, section 3.1.2.6. 032 * </ul> 033 */ 034public final class OIDCError { 035 036 037 // Authentication endpoint 038 039 /** 040 * The authorisation server requires end-user interaction of some form 041 * to proceed. This error may be returned when the {@link Prompt} 042 * parameter in the {@link AuthenticationRequest} is set to 043 * {@link Prompt.Type#NONE none} to request that the authorisation 044 * server should not display any user interfaces to the end-user, but 045 * the {@link AuthenticationRequest} cannot be completed without 046 * displaying a user interface for end-user interaction. 047 */ 048 public static final ErrorObject INTERACTION_REQUIRED = 049 new ErrorObject("interaction_required", "User interaction required", HTTPResponse.SC_FOUND); 050 051 /** 052 * The authorisation server requires end-user authentication. This 053 * error may be returned when the prompt parameter in the 054 * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE} 055 * to request that the authorisation server should not display any user 056 * interfaces to the end-user, but the {@link AuthenticationRequest} 057 * cannot be completed without displaying a user interface for user 058 * authentication. 059 */ 060 public static final ErrorObject LOGIN_REQUIRED = 061 new ErrorObject("login_required", "Login required", HTTPResponse.SC_FOUND); 062 063 064 /** 065 * The end-user is required to select a session at the authorisation 066 * server. The end-user may be authenticated at the authorisation 067 * server with different associated accounts, but the end-user did not 068 * select a session. This error may be returned when the prompt 069 * parameter in the {@link AuthenticationRequest} is set to 070 * {@link Prompt.Type#NONE} to request that the authorisation server 071 * should not display any user interfaces to the end-user, but the 072 * {@link AuthenticationRequest} cannot be completed without 073 * displaying a user interface to prompt for a session to use. 074 */ 075 public static final ErrorObject ACCOUNT_SELECTION_REQUIRED = 076 new ErrorObject("account_selection_required", "Session selection required", HTTPResponse.SC_FOUND); 077 078 079 /** 080 * The authorisation server requires end-user consent. This error may 081 * be returned when the prompt parameter in the 082 * {@link AuthenticationRequest} is set to {@link Prompt.Type#NONE} 083 * to request that the authorisation server should not display any 084 * user interfaces to the end-user, but the 085 * {@link AuthenticationRequest} cannot be completed without 086 * displaying a user interface for end-user consent. 087 */ 088 public static final ErrorObject CONSENT_REQUIRED = 089 new ErrorObject("consent_required", "Consent required", HTTPResponse.SC_FOUND); 090 091 092 /** 093 * The OpenID provider is unable to authenticate the end-user at the 094 * required Authentication Context Class Reference value when 095 * requested with an essential {@code acr} claim. This error code may 096 * also be used in other appropriate cases. 097 */ 098 public static final ErrorObject UNMET_AUTHENTICATION_REQUIREMENTS = 099 new ErrorObject("unmet_authentication_requirements", "Unmet authentication requirements", HTTPResponse.SC_FOUND); 100 101 102 /** 103 * The {@code registration} parameter in the 104 * {@link AuthenticationRequest} is not supported. Applies only to 105 * self-issued OpenID providers. 106 */ 107 public static final ErrorObject REGISTRATION_NOT_SUPPORTED = 108 new ErrorObject("registration_not_supported", "Registration parameter not supported", HTTPResponse.SC_FOUND); 109 110 111 /** 112 * Prevents public instantiation. 113 */ 114 private OIDCError() { } 115}