Skip to main content

ErrorCodes Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Common.Constants

ErrorCodes Class

Represents OAuth 2.0 and OpenID Connect error codes.

public static class ErrorCodes

Inheritance System.Object → ErrorCodes

Fields

ErrorCodes.AccessDenied Field

The resource owner or authorization server denied the request.

public const string AccessDenied = "access_denied";

Field Value

System.String

ErrorCodes.AccountSelectionRequired Field

The End-User is REQUIRED to select a session at the Authorization Server. The End-User MAY be authenticated at the Authorization Server with different associated accounts, but the End-User did not select a session. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface to prompt for a session to use.

public const string AccountSelectionRequired = "account_selection_required";

Field Value

System.String

ErrorCodes.AuthorizationPending Field

The authorization request is still pending as the end-user has not yet been authenticated.

public const string AuthorizationPending = "authorization_pending";

Field Value

System.String

ErrorCodes.ConfirmationRequired Field

The request requires additional confirmation from the resource owner or authorization server.

public const string ConfirmationRequired = "confirmation_required";

Field Value

System.String

ErrorCodes.ConsentRequired Field

The Authorization Server requires End-User consent. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User consent.

public const string ConsentRequired = "consent_required";

Field Value

System.String

ErrorCodes.ExpiredLoginHintToken Field

The login_hint_token provided in the authentication request is not valid because it has expired.

public const string ExpiredLoginHintToken = "expired_login_hint_token";

Field Value

System.String

ErrorCodes.ExpiredToken Field

The auth_req_id has expired. The Client will need to make a new Authentication Request.

public const string ExpiredToken = "expired_token";

Field Value

System.String

ErrorCodes.InsufficientScope Field

The request requires higher privileges than provided by the access token. Per RFC 6750 Section 3.1, the resource server MUST respond with HTTP 403 (Forbidden) and SHOULD include the scope attribute in the WWW-Authenticate header listing the required scopes.

public const string InsufficientScope = "insufficient_scope";

Field Value

System.String

ErrorCodes.InteractionRequired Field

The Authorization Server requires End-User interaction of some form to proceed. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User interaction.

public const string InteractionRequired = "interaction_required";

Field Value

System.String

ErrorCodes.InvalidAuthorizationDetails Field

The authorization_details parameter in the request is invalid per RFC 9396 §5: an entry's type is unknown to the AS, fields do not match the registered per-type schema, field values are out of the wrong JSON type, or the request otherwise fails to satisfy the per-type validator. The AS MUST refuse to process the request.

public const string InvalidAuthorizationDetails = "invalid_authorization_details";

Field Value

System.String

ErrorCodes.InvalidBindingMessage Field

The binding message is invalid or unacceptable for use in the context of the given request.

public const string InvalidBindingMessage = "invalid_binding_message";

Field Value

System.String

ErrorCodes.InvalidClient Field

Client authentication failed (e.g., unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.

public const string InvalidClient = "invalid_client";

Field Value

System.String

ErrorCodes.InvalidClientMetadata Field

The value of one of the Client Metadata fields is invalid and the server has rejected this request.

public const string InvalidClientMetadata = "invalid_client_metadata";

Field Value

System.String

Remarks

Note that an Authorization Server MAY choose to substitute a valid value for any requested parameter of a Client's Metadata.

ErrorCodes.InvalidDPoPProof Field

The DPoP proof JWT presented with the request is invalid (RFC 9449 §7.1). This is the OAuth-protocol-level error code returned to the client for ANY structural, algorithmic, claim-binding, signature, or replay-protection failure of a DPoP proof. The fine-grained internal reason (used in logs and metrics) is carried separately.

public const string InvalidDPoPProof = "invalid_dpop_proof";

Field Value

System.String

ErrorCodes.InvalidGrant Field

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

public const string InvalidGrant = "invalid_grant";

Field Value

System.String

ErrorCodes.InvalidRedirectUri Field

The value of one or more redirect_uris is invalid.

public const string InvalidRedirectUri = "invalid_redirect_uri";

Field Value

System.String

ErrorCodes.InvalidRequest Field

The request is missing a parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

public const string InvalidRequest = "invalid_request";

Field Value

System.String

ErrorCodes.InvalidRequestObject Field

The request parameter contains an invalid Request Object.

public const string InvalidRequestObject = "invalid_request_object";

Field Value

System.String

ErrorCodes.InvalidRequestUri Field

The request_uri in the Authorization Request returns an error or contains invalid data.

public const string InvalidRequestUri = "invalid_request_uri";

Field Value

System.String

ErrorCodes.InvalidScope Field

The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.

public const string InvalidScope = "invalid_scope";

Field Value

System.String

ErrorCodes.InvalidSoftwareStatement Field

The software statement presented is invalid per RFC 7591 Section 3.2.2.

public const string InvalidSoftwareStatement = "invalid_software_statement";

Field Value

System.String

ErrorCodes.InvalidTarget Field

The target resource or identifier provided in the request is invalid.

public const string InvalidTarget = "invalid_target";

Field Value

System.String

ErrorCodes.InvalidToken Field

The access token provided is expired, revoked, malformed, or invalid for other reasons. Per RFC 6750 Section 3.1, the resource server MUST respond with HTTP 401 (Unauthorized).

public const string InvalidToken = "invalid_token";

Field Value

System.String

ErrorCodes.InvalidUserCode Field

The user code was invalid.

public const string InvalidUserCode = "invalid_user_code";

Field Value

System.String

ErrorCodes.LoginRequired Field

The Authorization Server requires End-User authentication. This error MAY be returned when the prompt parameter value in the Authentication Request is none, but the Authentication Request cannot be completed without displaying a user interface for End-User authentication.

public const string LoginRequired = "login_required";

Field Value

System.String

ErrorCodes.MissingUserCode Field

User code is required but was missing from the request.

public const string MissingUserCode = "missing_user_code";

Field Value

System.String

ErrorCodes.RegistrationNotSupported Field

The OpenId Provider does not support use of the registration parameter defined in Section 7.2.1: https://openid.net/specs/openid-connect-core-1\_0.html\#RegistrationParameter

public const string RegistrationNotSupported = "registration_not_supported";

Field Value

System.String

ErrorCodes.RequestNotSupported Field

The OpenId Provider does not support use of the request parameter defined in Section 6: https://openid.net/specs/openid-connect-core-1\_0.html\#JWTRequests

public const string RequestNotSupported = "request_not_supported";

Field Value

System.String

ErrorCodes.RequestUriNotSupported Field

The OpenId Provider does not support use of the request_uri parameter defined in Section 6: https://openid.net/specs/openid-connect-core-1\_0.html\#JWTRequests

public const string RequestUriNotSupported = "request_uri_not_supported";

Field Value

System.String

ErrorCodes.ServerError Field

The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

public const string ServerError = "server_error";

Field Value

System.String

Remarks

This error code is necessary because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.

ErrorCodes.SlowDown Field

A variant of "authorization_pending", the authorization request is still pending and polling should continue, but the interval MUST be increased by at least 5 seconds for this and all further requests.

public const string SlowDown = "slow_down";

Field Value

System.String

ErrorCodes.TemporarilyUnavailable Field

The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.

public const string TemporarilyUnavailable = "temporarily_unavailable";

Field Value

System.String

Remarks

This error code is necessary because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect.

ErrorCodes.UnapprovedSoftwareStatement Field

The software statement was valid but the software has not been approved for use by this authorization server per RFC 7591 Section 3.2.2.

public const string UnapprovedSoftwareStatement = "unapproved_software_statement";

Field Value

System.String

ErrorCodes.UnauthorizedClient Field

The authenticated client is not authorized to use this authorization grant type.

public const string UnauthorizedClient = "unauthorized_client";

Field Value

System.String

ErrorCodes.UnknownUserId Field

The OpenID Provider is not able to identify which end-user the Client wishes to be authenticated by the hint provided in the request (login_hint_token, id_token_hint, or login_hint).

public const string UnknownUserId = "unknown_user_id";

Field Value

System.String

ErrorCodes.UnsupportedGrantType Field

The authorization grant type is not supported by the authorization server.

public const string UnsupportedGrantType = "unsupported_grant_type";

Field Value

System.String

ErrorCodes.UnsupportedResponseType Field

The authorization server does not support obtaining a response using this method.

public const string UnsupportedResponseType = "unsupported_response_type";

Field Value

System.String

ErrorCodes.UnsupportedTokenType Field

The authorization server does not support the revocation of the presented token type. That is, the client tried to revoke an access token on a server not supporting this feature.

public const string UnsupportedTokenType = "unsupported_token_type";

Field Value

System.String

ErrorCodes.UseDPoPNonce Field

The authorization server or resource server requires a DPoP-Nonce in the proof (RFC 9449 §8). The response carries a DPoP-Nonce header with the nonce value the client must include in subsequent proofs.

public const string UseDPoPNonce = "use_dpop_nonce";

Field Value

System.String