Package com.authlete.common.dto

Enum BackchannelAuthenticationFailRequest.Reason

    • Enum Constant Detail

      • EXPIRED_LOGIN_HINT_TOKEN

        public static final BackchannelAuthenticationFailRequest.Reason EXPIRED_LOGIN_HINT_TOKEN
        The login_hint_token included in the backchannel authentication request is not valid because it has expired.

        Note that the CIBA Core specification does not describe the format of login_hint_token and how to detect expiration.

        Using this reason will result in "error":"expired_login_hint_token".

      • UNKNOWN_USER_ID

        public static final BackchannelAuthenticationFailRequest.Reason UNKNOWN_USER_ID
        The authorization server is not able to identify which end-user the client wishes to be authenticated by means of the hint (login_hint_token, id_token_hint or login_hint) included in the backchannel authentication request.

        Using this reason will result in "error":"unknown_user_id".

      • UNAUTHORIZED_CLIENT

        public static final BackchannelAuthenticationFailRequest.Reason UNAUTHORIZED_CLIENT
        The client is not authorized to use the CIBA flow.

        Note that /api/backchannel/authentication API does not return action=USER_IDENTIFICATION in cases where the client does not exist or client authentication has failed. Therefore, the authorization server implementation will never have to call /api/backchannel/authentication/fail API with reason=UNAUTHORIZED_CLIENT unless the server has intentionally implemented custom rules to reject backchannel authentication requests from particular clients.

        Using this reason will result in "error":"unauthorized_client".

      • MISSING_USER_CODE

        public static final BackchannelAuthenticationFailRequest.Reason MISSING_USER_CODE
        A user code is required but the backchannel authentication request does not contain it.

        Note that /api/backchannel/authentication API does not return action=USER_IDENTIFICATION when both the backchannel_user_code_parameter_supported metadata of the server and the backchannel_user_code_parameter metadata of the client are true and the backchannel authentication request does not include the user_code request parameter. In this case, /api/backchannel/authentication API returns action=BAD_REQUEST with JSON containing "error":"missing_user_code".

        Therefore, the authorization server implementation will never have to call /api/backchannel/authentication/fail API with reason=MISSING_USER_CODE unless the server has intentionally implemented custom rules to require a user code even in the case where the backchannel_user_code_parameter metadata of the client which has made the backchannel authentication request is false.

        Using this reason will result in "error":"missing_user_code".

      • INVALID_USER_CODE

        public static final BackchannelAuthenticationFailRequest.Reason INVALID_USER_CODE
        The user code included in the authentication request is invalid.

        Using this reason will result in "error":"invalid_user_code".

      • INVALID_BINDING_MESSAGE

        public static final BackchannelAuthenticationFailRequest.Reason INVALID_BINDING_MESSAGE
        The binding message is invalid or unacceptable for use in the context of the given backchannel authentication request.

        Using this reason will result in "error":"invalid_binding_message".

        Since:
        2.35

      • INVALID_TARGET

        public static final BackchannelAuthenticationFailRequest.Reason INVALID_TARGET
        The requested resource is invalid, missing, unknown, or malformed. See "Resource Indicators for OAuth 2.0" for details.

        Using this reason will result in "error":"invalid_target".

        Since:
        2.62

      • ACCESS_DENIED

        public static final BackchannelAuthenticationFailRequest.Reason ACCESS_DENIED
        The resource owner or the authorization server denied the request.

        Calling /api/backchannel/authentication/fail API with this reason implies that the backchannel authentication endpoint is going to return an error of access_denied to the client application without asking the end-user whether she authorizes or rejects the request.

        Using this reason will result in "error":"access_denied".

      • SERVER_ERROR

        public static final BackchannelAuthenticationFailRequest.Reason SERVER_ERROR
        The backchannel authentication request cannot be processed successfully due to a server-side error.

        Using this reason will result in "error":"server_error".

    • Method Detail

      • values

        public static BackchannelAuthenticationFailRequest.Reason[] values()
        Returns an array containing the constants of this enum type, in the order they are declared. This method may be used to iterate over the constants as follows: 
        for (BackchannelAuthenticationFailRequest.Reason c : BackchannelAuthenticationFailRequest.Reason.values())
    System.out.println(c);
        Returns:
        an array containing the constants of this enum type, in the order they are declared

      • valueOf

        public static BackchannelAuthenticationFailRequest.Reason valueOf​(String name)
        Returns the enum constant of this type with the specified name. The string must match exactly an identifier used to declare an enum constant in this type. (Extraneous whitespace characters are not permitted.)
        Parameters:
        name - the name of the enum constant to be returned.
        Returns:
        the enum constant with the specified name
        Throws:
        IllegalArgumentException - if this enum type has no constant with the specified name
        NullPointerException - if the argument is null