ErrorCodes Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Common.Constants
ErrorCodes Class
Represents OAuth 2.0 and OpenID Connect error codes.
public static class ErrorCodes
Inheritance System.Object → ErrorCodes
Fields
ErrorCodes.AccessDenied Field
The resource owner or authorization server denied the request.
public const string AccessDenied = "access_denied";
Field Value
ErrorCodes.AccountSelectionRequired Field
The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface to prompt for a session to use.
public const string AccountSelectionRequired = "account_selection_required";
Field Value
ErrorCodes.AuthorizationPending Field
The authorization request is still pending as the end-user has not yet been authenticated.
public const string AuthorizationPending = "authorization_pending";
Field Value
ErrorCodes.ConfirmationRequired Field
The request requires additional confirmation from the resource owner or authorization server.
public const string ConfirmationRequired = "confirmation_required";
Field Value
ErrorCodes.ConsentRequired Field
The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent.
public const string ConsentRequired = "consent_required";
Field Value
ErrorCodes.ExpiredLoginHintToken Field
The login_hint_token provided in the authentication request is not valid because it has expired.
public const string ExpiredLoginHintToken = "expired_login_hint_token";
Field Value
ErrorCodes.ExpiredToken Field
The auth_req_id has expired. The Client will need to make a new Authentication Request.
public const string ExpiredToken = "expired_token";
Field Value
ErrorCodes.InsufficientScope Field
The request requires higher privileges than provided by the access token.
Per RFC 6750 Section 3.1, the resource server MUST respond with HTTP 403 (Forbidden)
and SHOULD include the scope attribute in the WWW-Authenticate header
listing the required scopes.
public const string InsufficientScope = "insufficient_scope";
Field Value
ErrorCodes.InteractionRequired Field
The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.
public const string InteractionRequired = "interaction_required";
Field Value
ErrorCodes.InvalidAuthorizationDetails Field
The authorization_details parameter in the request is invalid per RFC 9396 §5:
an entry's type is unknown to the AS, fields do not match the registered per-type
schema, field values are out of the wrong JSON type, or the request otherwise fails to
satisfy the per-type validator. The AS MUST refuse to process the request.
public const string InvalidAuthorizationDetails = "invalid_authorization_details";
Field Value
ErrorCodes.InvalidBindingMessage Field
The binding message is invalid or unacceptable for use in the context of the given request.
public const string InvalidBindingMessage = "invalid_binding_message";
Field Value
ErrorCodes.InvalidClient Field
Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.
public const string InvalidClient = "invalid_client";
Field Value
ErrorCodes.InvalidClientMetadata Field
The value of one of the Client Metadata fields is invalid and the server has rejected this request.
public const string InvalidClientMetadata = "invalid_client_metadata";
Field Value
Remarks
Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.
ErrorCodes.InvalidDPoPProof Field
The DPoP proof JWT presented with the request is invalid (RFC 9449 §7.1). This is the OAuth-protocol-level error code returned to the client for ANY structural, algorithmic, claim-binding, signature, or replay-protection failure of a DPoP proof. The fine-grained internal reason (used in logs and metrics) is carried separately.
public const string InvalidDPoPProof = "invalid_dpop_proof";
Field Value
ErrorCodes.InvalidGrant Field
The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
public const string InvalidGrant = "invalid_grant";
Field Value
ErrorCodes.InvalidRedirectUri Field
The value of one or more redirect_uris is invalid.
public const string InvalidRedirectUri = "invalid_redirect_uri";
Field Value
ErrorCodes.InvalidRequest Field
The request is missing a parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.
public const string InvalidRequest = "invalid_request";
Field Value
ErrorCodes.InvalidRequestObject Field
The request parameter contains an invalid Request Object.
public const string InvalidRequestObject = "invalid_request_object";
Field Value
ErrorCodes.InvalidRequestUri Field
The request_uri in the Authorization Request returns an error or contains invalid data.
public const string InvalidRequestUri = "invalid_request_uri";
Field Value
ErrorCodes.InvalidScope Field
The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.
public const string InvalidScope = "invalid_scope";
Field Value
ErrorCodes.InvalidSoftwareStatement Field
The software statement presented is invalid per RFC 7591 Section 3.2.2.
public const string InvalidSoftwareStatement = "invalid_software_statement";
Field Value
ErrorCodes.InvalidTarget Field
The target resource or identifier provided in the request is invalid.
public const string InvalidTarget = "invalid_target";
Field Value
ErrorCodes.InvalidToken Field
The access token provided is expired, revoked, malformed, or invalid for other reasons. Per RFC 6750 Section 3.1, the resource server MUST respond with HTTP 401 (Unauthorized).
public const string InvalidToken = "invalid_token";
Field Value
ErrorCodes.InvalidUserCode Field
The user code was invalid.
public const string InvalidUserCode = "invalid_user_code";
Field Value
ErrorCodes.LoginRequired Field
The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.
public const string LoginRequired = "login_required";
Field Value
ErrorCodes.MissingUserCode Field
User code is required but was missing from the request.
public const string MissingUserCode = "missing_user_code";
Field Value
ErrorCodes.RegistrationNotSupported Field
The OpenId Provider does not support use of the registration parameter defined in Section 7.2.1: https://openid.net/specs/openid-connect-core-1\_0.html\#RegistrationParameter
public const string RegistrationNotSupported = "registration_not_supported";
Field Value
ErrorCodes.RequestNotSupported Field
The OpenId Provider does not support use of the request parameter defined in Section 6: https://openid.net/specs/openid-connect-core-1\_0.html\#JWTRequests
public const string RequestNotSupported = "request_not_supported";
Field Value
ErrorCodes.RequestUriNotSupported Field
The OpenId Provider does not support use of the request_uri parameter defined in Section 6: https://openid.net/specs/openid-connect-core-1\_0.html\#JWTRequests
public const string RequestUriNotSupported = "request_uri_not_supported";
Field Value
ErrorCodes.ServerError Field
The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
public const string ServerError = "server_error";
Field Value
Remarks
This error code is necessary because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.
ErrorCodes.SlowDown Field
A variant of "authorization_pending", the authorization request is still pending and polling should continue, but the interval MUST be increased by at least 5 seconds for this and all further requests.
public const string SlowDown = "slow_down";
Field Value
ErrorCodes.TemporarilyUnavailable Field
The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
public const string TemporarilyUnavailable = "temporarily_unavailable";
Field Value
Remarks
This error code is necessary because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.
ErrorCodes.UnapprovedSoftwareStatement Field
The software statement was valid but the software has not been approved for use by this authorization server per RFC 7591 Section 3.2.2.
public const string UnapprovedSoftwareStatement = "unapproved_software_statement";
Field Value
ErrorCodes.UnauthorizedClient Field
The authenticated client is not authorized to use this authorization grant type.
public const string UnauthorizedClient = "unauthorized_client";
Field Value
ErrorCodes.UnknownUserId Field
The OpenID Provider is not able to identify which end-user the Client wishes to be authenticated by the hint provided in the request (login_hint_token, id_token_hint, or login_hint).
public const string UnknownUserId = "unknown_user_id";
Field Value
ErrorCodes.UnsupportedGrantType Field
The authorization grant type is not supported by the authorization server.
public const string UnsupportedGrantType = "unsupported_grant_type";
Field Value
ErrorCodes.UnsupportedResponseType Field
The authorization server does not support obtaining a response using this method.
public const string UnsupportedResponseType = "unsupported_response_type";
Field Value
ErrorCodes.UnsupportedTokenType Field
The authorization server does not support the revocation of the presented token type. That is, the client tried to revoke an access token on a server not supporting this feature.
public const string UnsupportedTokenType = "unsupported_token_type";
Field Value
ErrorCodes.UseDPoPNonce Field
The authorization server or resource server requires a DPoP-Nonce in the proof
(RFC 9449 §8). The response carries a DPoP-Nonce header with the nonce value
the client must include in subsequent proofs.
public const string UseDPoPNonce = "use_dpop_nonce";