Package com.nimbusds.oauth2.sdk

Class AuthorizationErrorResponse

java.lang.Object

com.nimbusds.oauth2.sdk.AuthorizationResponse

com.nimbusds.oauth2.sdk.AuthorizationErrorResponse

All Implemented Interfaces:

ErrorResponse, Message, Response

Direct Known Subclasses:

AuthenticationErrorResponse

@Immutable
public class AuthorizationErrorResponse
extends AuthorizationResponse
implements ErrorResponse

Authorisation error response. Intended only for errors which are allowed to be communicated back to the requesting OAuth 2.0 client, such as access_denied. For a complete list see OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.

If the authorisation request fails due to a missing, invalid, or mismatching redirect_uri, or if the client_id is missing or invalid, a response must not be sent back to the requesting client. Instead, the authorisation server should simply display the error to the resource owner.

Standard authorisation errors:

• OAuth2Error.INVALID_REQUEST
• OAuth2Error.UNAUTHORIZED_CLIENT
• OAuth2Error.ACCESS_DENIED
• OAuth2Error.UNSUPPORTED_RESPONSE_TYPE
• OAuth2Error.INVALID_SCOPE
• OAuth2Error.SERVER_ERROR
• OAuth2Error.TEMPORARILY_UNAVAILABLE

Example HTTP response:

 HTTP/1.1 302 Found
 Location: https://client.example.com/cb?
 error=invalid_request
 &error_description=the%20request%20is%20not%20valid%20or%20malformed
 &state=af0ifjsldkj
 

Related specifications:

• OAuth 2.0 (RFC 6749), sections 4.1.2.1 and 4.2.2.1.
• OAuth 2.0 Multiple Response Type Encoding Practices 1.0.
• OAuth 2.0 Form Post Response Mode 1.0.
• Financial-grade API: JWT Secured Authorization Response Mode for OAuth 2.0 (JARM).

Constructor Summary

Constructors

Constructor	Description
AuthorizationErrorResponse(URI redirectURI, com.nimbusds.jwt.JWT jwtResponse, ResponseMode rm)	Creates a new JSON Web Token (JWT) secured authorisation error response.
AuthorizationErrorResponse(URI redirectURI, ErrorObject error, State state, ResponseMode rm)	Creates a new authorisation error response.

Method Summary

Modifier and Type	Method	Description
ErrorObject	getErrorObject()	Gets the error associated with the error response.
static Set<ErrorObject>	getStandardErrors()	Gets the standard OAuth 2.0 errors for an Authorisation error response.
ResponseMode	impliedResponseMode()	Determines the implied response mode.
boolean	indicatesSuccess()	Checks if the response indicates success.
static AuthorizationErrorResponse	parse(HTTPRequest httpRequest)	Parses an authorisation error response from the specified HTTP request at the client redirection (callback) URI.
static AuthorizationErrorResponse	parse(HTTPResponse httpResponse)	Parses an authorisation error response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.
static AuthorizationErrorResponse	parse(URI uri)	Parses an authorisation error response.
static AuthorizationErrorResponse	parse(URI redirectURI, Map<String,List<String>> params)	Parses an authorisation error response.
Map<String,List<String>>	toParameters()	Returns the parameters of this authorisation response.

Methods inherited from class com.nimbusds.oauth2.sdk.AuthorizationResponse

getJWTResponse, getRedirectionURI, getResponseMode, getState, parse, parse, parse, parse, parseResponseParameters, parseResponseParameters, toErrorResponse, toHTTPRequest, toHTTPResponse, toSuccessResponse, toURI

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface com.nimbusds.oauth2.sdk.Response

toHTTPResponse

Constructor Detail

AuthorizationErrorResponse

public AuthorizationErrorResponse(URI redirectURI,
                                  ErrorObject error,
                                  State state,
                                  ResponseMode rm)

Creates a new authorisation error response.

Parameters:

redirectURI - The base redirection URI. Must not be null.

error - The error. Should match one of the standard errors for an authorisation error response. Must not be null.

state - The state, null if not requested.

rm - The implied response mode, null if unknown.

AuthorizationErrorResponse

public AuthorizationErrorResponse(URI redirectURI,
                                  com.nimbusds.jwt.JWT jwtResponse,
                                  ResponseMode rm)

Creates a new JSON Web Token (JWT) secured authorisation error response.

Parameters:

redirectURI - The base redirection URI. Must not be null.

jwtResponse - The JWT-secured response. Must not be null.

rm - The implied response mode, null if unknown.

Method Detail

getStandardErrors

public static Set<ErrorObject> getStandardErrors()

Gets the standard OAuth 2.0 errors for an Authorisation error response.

Returns:

The standard errors, as a read-only set.

indicatesSuccess

public boolean indicatesSuccess()

Description copied from interface: Response

Checks if the response indicates success.

Specified by:

indicatesSuccess in interface Response

Returns:

true if the response indicates success, else false.

getErrorObject

public ErrorObject getErrorObject()

Description copied from interface: ErrorResponse

Gets the error associated with the error response.

Specified by:

getErrorObject in interface ErrorResponse

Returns:

The error, null if none.

impliedResponseMode

public ResponseMode impliedResponseMode()

Description copied from class: AuthorizationResponse

Determines the implied response mode.

Specified by:

impliedResponseMode in class AuthorizationResponse

Returns:

The implied response mode.

toParameters

public Map<String,List<String>> toParameters()

Description copied from class: AuthorizationResponse

Returns the parameters of this authorisation response.

Example parameters (authorisation success):

 access_token = 2YotnFZFEjr1zCsicMWpAA
 state = xyz
 token_type = example
 expires_in = 3600
 

Specified by:

toParameters in class AuthorizationResponse

Returns:

The parameters as a map.

parse

public static AuthorizationErrorResponse parse(URI redirectURI,
                                               Map<String,List<String>> params)
                                        throws ParseException

Parses an authorisation error response.

Parameters:

redirectURI - The base redirection URI. Must not be null.

params - The response parameters to parse. Must not be null.

Returns:

The authorisation error response.

Throws:

ParseException - If the parameters couldn't be parsed to an authorisation error response.

parse

public static AuthorizationErrorResponse parse(URI uri)
                                        throws ParseException

Parses an authorisation error response.

Use a relative URI if the host, port and path details are not known:

 URI relUrl = new URI("https:///?error=invalid_request");
 

Example URI:

 https://client.example.com/cb?
 error=invalid_request
 &error_description=the%20request%20is%20not%20valid%20or%20malformed
 &state=af0ifjsldkj
 

Parameters:

uri - The URI to parse. Can be absolute or relative, with a fragment or query string containing the authorisation response parameters. Must not be null.

Returns:

The authorisation error response.

Throws:

ParseException - If the URI couldn't be parsed to an authorisation error response.

parse

public static AuthorizationErrorResponse parse(HTTPResponse httpResponse)
                                        throws ParseException

Parses an authorisation error response from the specified initial HTTP 302 redirect response generated at the authorisation endpoint.

Example HTTP response:

 HTTP/1.1 302 Found
 Location: https://client.example.com/cb?error=invalid_request&state=af0ifjsldkj
 

Parameters:

httpResponse - The HTTP response to parse. Must not be null.

Returns:

The authorisation error response.

Throws:

ParseException - If the HTTP response couldn't be parsed to an authorisation error response.

See Also:

parse(HTTPRequest)

parse

public static AuthorizationErrorResponse parse(HTTPRequest httpRequest)
                                        throws ParseException

Parses an authorisation error response from the specified HTTP request at the client redirection (callback) URI. Applies to query, fragment and form_post response modes.

Example HTTP request (authorisation success):

 GET /cb?error=invalid_request&state=af0ifjsldkj HTTP/1.1
 Host: client.example.com
 

Parameters:

httpRequest - The HTTP request to parse. Must not be null.

Returns:

The authorisation error response.

Throws:

ParseException - If the HTTP request couldn't be parsed to an authorisation error response.

See Also:

parse(HTTPResponse)