/*
 * oauth2-oidc-sdk
 *
 * Copyright 2012-2016, Connect2id Ltd and contributors.
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use
 * this file except in compliance with the License. You may obtain a copy of the
 * License at
 *
 *    http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software distributed
 * under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
 * CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 */

package com.nimbusds.openid.connect.sdk;


import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.http.HTTPResponse;


/**
 * Catalogue of the error codes that are specific to OpenID Connect, each
 * paired with a ready-made {@link ErrorObject}.
 *
 * <p>Every error object below is built from three values: the error code
 * string, a short human-readable description and
 * {@link HTTPResponse#SC_FOUND} as the HTTP status code.
 *
 * <p>Note for relying parties: each constant denotes a failed
 * authentication request. Branch on the error code rather than on the
 * description text, which is informational only. An error response
 * arrives as request parameters, so handle it as untrusted input.
 *
 * <p>Related specifications:
 *
 * <ul>
 *     <li>OpenID Connect Core 1.0, section 3.1.2.6.
 * </ul>
 */
public final class OIDCError {


    // Authentication endpoint


    /**
     * Code string carried by {@link OIDCError#INTERACTION_REQUIRED}.
     */
    public static final String INTERACTION_REQUIRED_CODE = "interaction_required";


    /**
     * Some form of end-user interaction is needed before the
     * authorisation server can proceed. May be returned when the
     * {@link Prompt} parameter of the {@link AuthenticationRequest} is
     * {@link Prompt.Type#NONE none}, i.e. the client asked that no user
     * interface be shown, yet the {@link AuthenticationRequest} cannot
     * be completed without displaying one for end-user interaction.
     */
    public static final ErrorObject INTERACTION_REQUIRED = new ErrorObject(
        INTERACTION_REQUIRED_CODE,
        "User interaction required",
        HTTPResponse.SC_FOUND);


    /**
     * Code string carried by {@link OIDCError#LOGIN_REQUIRED}.
     */
    public static final String LOGIN_REQUIRED_CODE = "login_required";


    /**
     * The end-user must authenticate at the authorisation server. May be
     * returned when the prompt parameter of the
     * {@link AuthenticationRequest} is {@link Prompt.Type#NONE}, i.e.
     * the client asked that no user interface be shown, yet the
     * {@link AuthenticationRequest} cannot be completed without
     * displaying one for user authentication.
     */
    public static final ErrorObject LOGIN_REQUIRED = new ErrorObject(
        LOGIN_REQUIRED_CODE,
        "Login required",
        HTTPResponse.SC_FOUND);


    /**
     * Code string carried by
     * {@link OIDCError#ACCOUNT_SELECTION_REQUIRED}.
     */
    public static final String ACCOUNT_SELECTION_REQUIRED_CODE = "account_selection_required";


    /**
     * The end-user must pick a session at the authorisation server. The
     * end-user may be authenticated there with several associated
     * accounts without having selected a session. May be returned when
     * the prompt parameter of the {@link AuthenticationRequest} is
     * {@link Prompt.Type#NONE}, i.e. the client asked that no user
     * interface be shown, yet the {@link AuthenticationRequest} cannot
     * be completed without displaying one to prompt for the session to
     * use.
     */
    public static final ErrorObject ACCOUNT_SELECTION_REQUIRED = new ErrorObject(
        ACCOUNT_SELECTION_REQUIRED_CODE,
        "Session selection required",
        HTTPResponse.SC_FOUND);


    /**
     * Code string carried by {@link OIDCError#CONSENT_REQUIRED}.
     */
    public static final String CONSENT_REQUIRED_CODE = "consent_required";


    /**
     * End-user consent is needed by the authorisation server. May be
     * returned when the prompt parameter of the
     * {@link AuthenticationRequest} is {@link Prompt.Type#NONE}, i.e.
     * the client asked that no user interface be shown, yet the
     * {@link AuthenticationRequest} cannot be completed without
     * displaying one for end-user consent.
     */
    public static final ErrorObject CONSENT_REQUIRED = new ErrorObject(
        CONSENT_REQUIRED_CODE,
        "Consent required",
        HTTPResponse.SC_FOUND);


    /**
     * Code string carried by
     * {@link OIDCError#UNMET_AUTHENTICATION_REQUIREMENTS}.
     */
    public static final String UNMET_AUTHENTICATION_REQUIREMENTS_CODE = "unmet_authentication_requirements";


    /**
     * The OpenID provider cannot authenticate the end-user at the
     * required Authentication Context Class Reference value that was
     * requested with an essential {@code acr} claim. The code may also
     * be used in other appropriate cases.
     */
    public static final ErrorObject UNMET_AUTHENTICATION_REQUIREMENTS = new ErrorObject(
        UNMET_AUTHENTICATION_REQUIREMENTS_CODE,
        "Unmet authentication requirements",
        HTTPResponse.SC_FOUND);


    /**
     * Code string carried by
     * {@link OIDCError#REGISTRATION_NOT_SUPPORTED}.
     */
    public static final String REGISTRATION_NOT_SUPPORTED_CODE = "registration_not_supported";


    /**
     * The {@code registration} parameter of the
     * {@link AuthenticationRequest} is not supported. Only applicable
     * to self-issued OpenID providers.
     */
    public static final ErrorObject REGISTRATION_NOT_SUPPORTED = new ErrorObject(
        REGISTRATION_NOT_SUPPORTED_CODE,
        "Registration parameter not supported",
        HTTPResponse.SC_FOUND);


    /**
     * Private so that this constants holder cannot be instantiated from
     * outside.
     */
    private OIDCError() {
    }
}