Package com.nimbusds.oauth2.sdk
Class AuthorizationErrorResponse
- java.lang.Object
- com.nimbusds.oauth2.sdk.AuthorizationResponse
- com.nimbusds.oauth2.sdk.AuthorizationErrorResponse
- All Implemented Interfaces: ErrorResponse, Message, Response
- Direct Known Subclasses: AuthenticationErrorResponse
@Immutable public class AuthorizationErrorResponse extends AuthorizationResponse implements ErrorResponse
Authorisation error response. Intended only for errors which are allowed to be communicated back to the requesting OAuth 2.0 client, such as access_denied. For a complete list see OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.
If the authorisation request fails due to a missing, invalid, or mismatching redirect_uri, or if the client_id is missing or invalid, a response must not be sent back to the requesting client. Instead, the authorisation server should simply display the error to the resource owner.
Standard authorisation errors:
OAuth2Error.INVALID_REQUEST
OAuth2Error.UNAUTHORIZED_CLIENT
OAuth2Error.ACCESS_DENIED
OAuth2Error.UNSUPPORTED_RESPONSE_TYPE
OAuth2Error.INVALID_SCOPE
OAuth2Error.SERVER_ERROR
OAuth2Error.TEMPORARILY_UNAVAILABLE
Example HTTP response:
HTTP/1.1 302 Found
Location: https://client.example.com/cb?
error=invalid_request
&error_description=the%20request%20is%20not%20valid%20or%20malformed
&state=af0ifjsldkj
Related specifications:
- OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.
- OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
- OAuth 2.0 Form Post Response Mode 1.0.
- Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).
- OAuth 2.0 Authorization Server Issuer Identifier in Authorization Response (draft-ietf-oauth-iss-auth-resp-00).
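The rule above, that an error is redirected only when the client_id and redirect_uri are valid, can be enforced with a gate in front of the constructor. This is an added example, not code from the SDK or its documentation; the `AuthzErrorGate` class, the `REGISTERED` map and its sample data are hypothetical, and mapping non-standard errors to `server_error` is a choice made for this example.

```java
import com.nimbusds.oauth2.sdk.AuthorizationErrorResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.OAuth2Error;
import com.nimbusds.oauth2.sdk.ResponseMode;
import com.nimbusds.oauth2.sdk.id.State;

import java.net.URI;
import java.util.Map;
import java.util.Optional;
import java.util.Set;

public class AuthzErrorGate {

    // Hypothetical registry: client_id -> redirect URIs registered for it (constructed data).
    static final Map<String, Set<String>> REGISTERED =
        Map.of("s6BhdRkqt3", Set.of("https://client.example.com/cb"));

    /**
     * Returns the redirect carrying the error, or empty when the error must be
     * rendered to the resource owner and nothing sent to the requested URI.
     */
    static Optional<URI> errorRedirect(String clientId, String redirectUri,
                                       ErrorObject error, State state) {
        Set<String> allowed = (clientId == null) ? null : REGISTERED.get(clientId);
        // Exact string match against the registration; no prefix or pattern matching.
        if (allowed == null || redirectUri == null || !allowed.contains(redirectUri)) {
            return Optional.empty();
        }
        // Example policy: only the standard errors go back to the client;
        // anything else is reported as server_error so internal detail stays local.
        if (!AuthorizationErrorResponse.getStandardErrors().contains(error)) {
            error = OAuth2Error.SERVER_ERROR;
        }
        return Optional.of(new AuthorizationErrorResponse(
            URI.create(redirectUri), error, state, ResponseMode.QUERY).toURI());
    }

    public static void main(String[] args) {
        State state = new State("af0ifjsldkj");
        // Registered client and URI.
        System.out.println(errorRedirect("s6BhdRkqt3",
            "https://client.example.com/cb", OAuth2Error.INVALID_REQUEST, state));
        // Unregistered URI, then unknown client.
        System.out.println(errorRedirect("s6BhdRkqt3",
            "https://other.example.net/cb", OAuth2Error.ACCESS_DENIED, state));
        System.out.println(errorRedirect("unknown",
            "https://client.example.com/cb", OAuth2Error.ACCESS_DENIED, state));
    }
}
```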
Constructor Summary
- AuthorizationErrorResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm): Creates a new JSON Web Token (JWT) secured authorisation error response.
- AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, Issuer issuer, ResponseMode rm): Creates a new authorisation error response.
- AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, ResponseMode rm): Creates a new authorisation error response.
Method Summary
- ErrorObject getErrorObject(): Gets the error associated with the error response.
- static Set<ErrorObject> getStandardErrors(): Gets the standard OAuth 2.0 errors for an Authorisation error response.
- ResponseMode impliedResponseMode(): Determines the implied response mode.
- boolean indicatesSuccess(): Checks if the response indicates success.
- static AuthorizationErrorResponse parse(HTTPRequest httpRequest): Parses an authorisation error response from the specified HTTP request at the client redirection (callback) URI.
- static AuthorizationErrorResponse parse(HTTPResponse httpResponse): Parses an authorisation error response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.
- static AuthorizationErrorResponse parse(URI uri): Parses an authorisation error response.
- static AuthorizationErrorResponse parse(URI redirectURI, Map<String,List<String>> params): Parses an authorisation error response.
- Map<String,List<String>> toParameters(): Returns the parameters of this authorisation response.
Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationResponse
getIssuer, getJWTResponse, getRedirectionURI, getResponseMode, getState, parse, parse, parse, parse, parseResponseParameters, parseResponseParameters, toErrorResponse, toHTTPRequest, toHTTPResponse, toSuccessResponse, toURI
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
Methods inherited from interface com.nimbusds.oauth2.sdk.Response
toHTTPResponse
Constructor Detail
AuthorizationErrorResponse
public AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, ResponseMode rm)
Creates a new authorisation error response.
- Parameters:
  redirectURI - The base redirection URI. Must not be null.
  error - The error. Should match one of the standard errors for an authorisation error response. Must not be null.
  state - The state, null if not requested.
  rm - The implied response mode, null if unknown.
AuthorizationErrorResponse
public AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, Issuer issuer, ResponseMode rm)
Creates a new authorisation error response.
- Parameters:
  redirectURI - The base redirection URI. Must not be null.
  error - The error. Should match one of the standard errors for an authorisation error response. Must not be null.
  state - The state, null if not requested.
  issuer - The issuer, null if not specified.
  rm - The implied response mode, null if unknown.
AuthorizationErrorResponse
public AuthorizationErrorResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm)
Creates a new JSON Web Token (JWT) secured authorisation error response.
- Parameters:
  redirectURI - The base redirection URI. Must not be null.
  jwtResponse - The JWT-secured response. Must not be null.
  rm - The implied response mode, null if unknown.
Method Detail
getStandardErrors
public static Set<ErrorObject> getStandardErrors()
Gets the standard OAuth 2.0 errors for an Authorisation error response.
- Returns: The standard errors, as a read-only set.
indicatesSuccess
public boolean indicatesSuccess()
Description copied from interface: Response
Checks if the response indicates success.
- Specified by: indicatesSuccess in interface Response
- Returns: true if the response indicates success, else false.
getErrorObject
public ErrorObject getErrorObject()
Description copied from interface: ErrorResponse
Gets the error associated with the error response.
- Specified by: getErrorObject in interface ErrorResponse
- Returns: The error, null if none.
impliedResponseMode
public ResponseMode impliedResponseMode()
Description copied from class: AuthorizationResponse
Determines the implied response mode.
- Specified by: impliedResponseMode in class AuthorizationResponse
- Returns: The implied response mode.
toParameters
public Map<String,List<String>> toParameters()
Description copied from class: AuthorizationResponse
Returns the parameters of this authorisation response.
Example parameters (authorisation success):
access_token = 2YotnFZFEjr1zCsicMWpAA
state = xyz
token_type = example
expires_in = 3600
- Specified by: toParameters in class AuthorizationResponse
- Returns: The parameters as a map.
parse
public static AuthorizationErrorResponse parse(URI redirectURI, Map<String,List<String>> params) throws ParseException
Parses an authorisation error response.
- Parameters:
  redirectURI - The base redirection URI. Must not be null.
  params - The response parameters to parse. Must not be null.
- Returns: The authorisation error response.
- Throws: ParseException - If the parameters couldn't be parsed to an authorisation error response.
parse
public static AuthorizationErrorResponse parse(URI uri) throws ParseException
Parses an authorisation error response.
Use a relative URI if the host, port and path details are not known:
URI relUrl = new URI("https:///?error=invalid_request");
Example URI:
https://client.example.com/cb?
error=invalid_request
&error_description=the%20request%20is%20not%20valid%20or%20malformed
&state=af0ifjsldkj
- Parameters:
  uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.
- Returns: The authorisation error response.
- Throws: ParseException - If the URI couldn't be parsed to an authorisation error response.
parse
public static AuthorizationErrorResponse parse(HTTPResponse httpResponse) throws ParseException
Parses an authorisation error response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.
Example HTTP response:
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=invalid_request&state=af0ifjsldkj
- Parameters:
  httpResponse - The HTTP response to parse. Must not be null.
- Returns: The authorisation error response.
- Throws: ParseException - If the HTTP response couldn't be parsed to an authorisation error response.
- See Also: parse(HTTPRequest)
parse
public static AuthorizationErrorResponse parse(HTTPRequest httpRequest) throws ParseException
Parses an authorisation error response from the specified HTTP request at the client redirection (callback) URI. Applies to query, fragment and form_post response modes.
Example HTTP request (authorisation success):
GET /cb?error=invalid_request&state=af0ifjsldkj HTTP/1.1
Host: client.example.com
- Parameters:
  httpRequest - The HTTP request to parse. Must not be null.
- Returns: The authorisation error response.
- Throws: ParseException - If the HTTP request couldn't be parsed to an authorisation error response.
- See Also: parse(HTTPResponse)
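On the client side, a parsed error response is still input that arrived through the user agent, so the callback handler should bind it to the session's own state value before acting on it and treat error_description as untrusted text. This is an added example, not code from the SDK or its documentation; the `CallbackErrorHandling` class and the outcome labels are hypothetical, and the state values are constructed.

```java
import com.nimbusds.oauth2.sdk.AuthorizationResponse;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.id.State;

import java.net.URI;

public class CallbackErrorHandling {

    /** Maps a callback URI to an outcome label (labels are illustrative). */
    static String handle(URI callback, State expected) {
        AuthorizationResponse resp;
        try {
            resp = AuthorizationResponse.parse(callback);
        } catch (ParseException e) {
            return "REJECT_MALFORMED";
        }
        // Accept only a response bound to the request this session sent.
        if (expected == null || !expected.equals(resp.getState())) {
            return "REJECT_STATE_MISMATCH";
        }
        if (resp.indicatesSuccess()) {
            return "CONTINUE";
        }
        ErrorObject err = resp.toErrorResponse().getErrorObject();
        String code = (err == null) ? null : err.getCode();
        String desc = (err == null) ? null : err.getDescription();
        // error_description arrives in the URL and is untrusted: strip control
        // characters before logging and never echo it into a page unescaped.
        System.err.println("authorisation error: code=" + code
            + " description=" + (desc == null ? "" : desc.replaceAll("\\p{Cntrl}", " ")));
        return "access_denied".equals(code) ? "SHOW_DECLINED" : "SHOW_GENERIC_FAILURE";
    }

    public static void main(String[] args) {
        // Example URI from this page, joined onto one line.
        URI cb = URI.create("https://client.example.com/cb?error=invalid_request"
            + "&error_description=the%20request%20is%20not%20valid%20or%20malformed"
            + "&state=af0ifjsldkj");
        // Same callback checked against the session's state, then against a different one.
        System.out.println(handle(cb, new State("af0ifjsldkj")));
        System.out.println(handle(cb, new State("a-different-session-value")));
    }
}
```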