Class AuthorizationErrorResponse

java.lang.Object
com.nimbusds.oauth2.sdk.AuthorizationResponse
com.nimbusds.oauth2.sdk.AuthorizationErrorResponse
All Implemented Interfaces:
ErrorResponse, Message, Response
Direct Known Subclasses:
AuthenticationErrorResponse

@Immutable public class AuthorizationErrorResponse extends AuthorizationResponse implements ErrorResponse
Authorisation error response. Intended only for errors which are allowed to be communicated back to the requesting OAuth 2.0 client, such as access_denied. For a complete list see OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.

If the authorisation request fails due to a missing, invalid, or mismatching redirect_uri, or if the client_id is missing or invalid, a response must not be sent back to the requesting client. Instead, the authorisation server should simply display the error to the resource owner.
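The rule above, as an added example (not part of the SDK documentation): the server decides whether an error may be redirected at all before constructing an `AuthorizationErrorResponse`. The class name `AuthzErrorRouting`, the in-memory `REGISTERED` registry, the `client-123` identifier and the policy of replacing non-standard codes with `server_error` are assumptions of this example.

```java
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.id.State;

import java.net.URI;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class AuthzErrorRouting {

    // Constructed sample registry (assumption): client_id -> exactly registered redirect URIs.
    static final Map<String, Set<URI>> REGISTERED = Map.of(
        "client-123", Set.of(URI.create("https://client.example.com/cb")));

    /** Redirect target for the error, or empty when the error must stay on the server's own page. */
    static Optional<URI> errorRedirect(String clientId, URI redirectUri, State state, ErrorObject error) {
        Set<URI> allowed = (clientId == null) ? null : REGISTERED.get(clientId);
        // Unknown client or unregistered redirect_uri: never redirect, the target is untrusted.
        if (allowed == null || redirectUri == null || !allowed.contains(redirectUri)) {
            return Optional.empty();
        }
        // Policy of this example: only codes from getStandardErrors() leave the server.
        boolean standard = AuthorizationErrorResponse.getStandardErrors().stream()
            .anyMatch(e -> e.getCode().equals(error.getCode()));
        ErrorObject toSend = standard ? error : OAuth2Error.SERVER_ERROR;
        return Optional.of(
            new AuthorizationErrorResponse(redirectUri, toSend, state, ResponseMode.QUERY).toURI());
    }

    public static void main(String[] args) {
        State state = new State("af0ifjsldkj");
        // Registered pair: the error goes back to the client together with its state.
        System.out.println(errorRedirect("client-123",
            URI.create("https://client.example.com/cb"), state, OAuth2Error.ACCESS_DENIED));
        // Mismatching redirect_uri: empty result, render the error to the resource owner instead.
        System.out.println(errorRedirect("client-123",
            URI.create("https://other.example.net/cb"), state, OAuth2Error.INVALID_REQUEST));
        // Unknown client_id: empty result as well.
        System.out.println(errorRedirect("no-such-client",
            URI.create("https://client.example.com/cb"), state, OAuth2Error.INVALID_REQUEST));
    }
}
```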

Standard authorisation errors:

Example HTTP response:

 HTTP/1.1 302 Found
 Location: https://client.example.com/cb?
 error=invalid_request
 &error_description=the%20request%20is%20not%20valid%20or%20malformed
 &state=af0ifjsldkj
 

Related specifications:

  • OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.
  • OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
  • OAuth 2.0 Form Post Response Mode 1.0.
  • Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
  • OAuth 2.0 Authorization Server Issuer Identification (RFC 9207).
  • Constructor Details

    • AuthorizationErrorResponse

      public AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, ResponseMode rm)
      Creates a new authorisation error response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      error - The error. Should match one of the standard errors for an authorisation error response. Must not be null.
      state - The state, null if not requested.
      rm - The implied response mode, null if unknown.
    • AuthorizationErrorResponse

      public AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, Issuer issuer, ResponseMode rm)
      Creates a new authorisation error response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      error - The error. Should match one of the standard errors for an authorisation error response. Must not be null.
      state - The state, null if not requested.
      issuer - The issuer, null if not specified.
      rm - The implied response mode, null if unknown.
    • AuthorizationErrorResponse

      public AuthorizationErrorResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm)
      Creates a new JSON Web Token (JWT) secured authorisation error response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      jwtResponse - The JWT-secured response. Must not be null.
      rm - The implied response mode, null if unknown.
  • Method Details

    • getStandardErrors

      public static Set<ErrorObject> getStandardErrors()
      Gets the standard OAuth 2.0 errors for an Authorisation error response.
      Returns:
      The standard errors, as a read-only set.
    • indicatesSuccess

      public boolean indicatesSuccess()
      Description copied from interface: Response
      Checks if the response indicates success.
      Specified by:
      indicatesSuccess in interface Response
      Returns:
      true if the response indicates success, else false.
    • getErrorObject

      Description copied from interface: ErrorResponse
      Gets the error associated with the error response.
      Specified by:
      getErrorObject in interface ErrorResponse
      Returns:
      The error, null if none.
    • impliedResponseMode

      Description copied from class: AuthorizationResponse
      Determines the implied response mode.
      Specified by:
      impliedResponseMode in class AuthorizationResponse
      Returns:
      The implied response mode.
    • toParameters

      Description copied from class: AuthorizationResponse
      Returns the parameters of this authorisation response.

      Example parameters (authorisation success):

       access_token = 2YotnFZFEjr1zCsicMWpAA
       state = xyz
       token_type = example
       expires_in = 3600
       
      Specified by:
      toParameters in class AuthorizationResponse
      Returns:
      The parameters as a map.
    • parse

      public static AuthorizationErrorResponse parse(URI redirectURI, Map<String,List<String>> params) throws ParseException
      Parses an authorisation error response.
      Parameters:
      redirectURI - The base redirection URI. Must not be null.
      params - The response parameters to parse. Must not be null.
      Returns:
      The authorisation error response.
      Throws:
      ParseException - If the parameters couldn't be parsed to an authorisation error response.
    • parse

      public static AuthorizationErrorResponse parse(URI uri) throws ParseException
      Parses an authorisation error response.

      Use a relative URI if the host, port and path details are not known:

       URI relUrl = new URI("https:///?error=invalid_request");
       

      Example URI:

       https://client.example.com/cb?
       error=invalid_request
       &error_description=the%20request%20is%20not%20valid%20or%20malformed
       &state=af0ifjsldkj
       
      Parameters:
      uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.
      Returns:
      The authorisation error response.
      Throws:
      ParseException - If the URI couldn't be parsed to an authorisation error response.
    • parse

      public static AuthorizationErrorResponse parse(HTTPResponse httpResponse) throws ParseException
      Parses an authorisation error response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.

      Example HTTP response:

       HTTP/1.1 302 Found
       Location: https://client.example.com/cb?error=invalid_request&state=af0ifjsldkj
       
      Parameters:
      httpResponse - The HTTP response to parse. Must not be null.
      Returns:
      The authorisation error response.
      Throws:
      ParseException - If the HTTP response couldn't be parsed to an authorisation error response.
    • parse

      public static AuthorizationErrorResponse parse(HTTPRequest httpRequest) throws ParseException
      Parses an authorisation error response from the specified HTTP request at the client redirection (callback) URI. Applies to query, fragment and form_post response modes.

      Example HTTP request (authorisation error):

       GET /cb?error=invalid_request&state=af0ifjsldkj HTTP/1.1
       Host: client.example.com
       
      Parameters:
      httpRequest - The HTTP request to parse. Must not be null.
      Returns:
      The authorisation error response.
      Throws:
      ParseException - If the HTTP request couldn't be parsed to an authorisation error response.
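Client-side use of the `parse(URI)` method documented above, as an added example (not part of the SDK documentation): the callback parameters are untrusted input, so the client checks `state` against the value it sent and acts only on the error code. The class name `CallbackErrorHandling`, the outcome strings and the sample URIs are constructed for this example.

```java
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.State;

import java.net.URI;

public class CallbackErrorHandling {

    /** Returns a short outcome string for logging; the free-text error_description is never echoed. */
    static String handle(URI callback, State expectedState) {
        AuthorizationErrorResponse resp;
        try {
            resp = AuthorizationErrorResponse.parse(callback);
        } catch (ParseException e) {
            return "rejected: not a parsable authorisation error response";
        }
        // The callback URI is reachable by anyone: accept only the state this session sent.
        if (resp.getState() == null || !resp.getState().equals(expectedState)) {
            return "rejected: state mismatch";
        }
        ErrorObject err = resp.getErrorObject(); // documented as "null if none"
        if (err == null || err.getCode() == null) {
            return "error: no error code present";
        }
        // Branch application logic only on codes listed by getStandardErrors().
        boolean standard = AuthorizationErrorResponse.getStandardErrors().stream()
            .anyMatch(e -> e.getCode().equals(err.getCode()));
        return standard ? "error: " + err.getCode() : "error: non-standard code";
    }

    public static void main(String[] args) {
        State sent = new State("af0ifjsldkj");
        // Constructed callback URIs: the first matches the example URI in the parse(URI) entry.
        URI matching = URI.create("https://client.example.com/cb?error=invalid_request"
            + "&error_description=the%20request%20is%20not%20valid%20or%20malformed"
            + "&state=af0ifjsldkj");
        URI wrongState = URI.create("https://client.example.com/cb?error=access_denied&state=other");
        System.out.println(handle(matching, sent));
        System.out.println(handle(wrongState, sent));
    }
}
```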