import { AuthorizationFailRequest } from "https://deno.land/x/authlete_deno@v1.2.7/src/dto/authorization_fail_request.ts";
const { Reason } = AuthorizationFailRequest;
Failure reasons of authorization requests.
Members
The authorization server cannot obtain an account selection choice made by the end-user.
Using this reason will result in error=account_selection_required
.
The authorization request from the client application contained
acr
claim in claims
request parameter and the claim was
marked as essential, but the ACR performed for the end-user
does not match any one of the requested ACRs.
Using this reason will result in error=login_required
.
The authorization server cannot obtain consent from the end-user.
Using this reason will result in error=consent_required
.
The end-user denied the authorization request from the client application.
Using this reason will result in error=access_denied
.
The authorization request from the client application requested
a specific value for sub
claim, but the current end-user (in
the case of prompt=none
) or the end-user after the authentication
is different from the specified value.
Using this reason will result in error=login_required
.
The authorization request from the client application contained
prompt=none
, but the time specified by max_age
request
parameter or by default_max_age
configuration parameter
has passed since the time at which the end-user logged in.
See OpenID Connect Core 1.0, 3.1.2.1. Authentication Request
for prompt
and max_age
request parameters.
See OpenID Connect Dynamic Client Registration 1.0, 2. Client
Metadata
for default_max_age
configuration parameter.
Using this reason will result in error=login_required
.
The authorization server needs interaction with the end-user.
Using this reason will result in error=interaction_required
.
The requested resource is invalid, missing, unknown, or malformed. See "Resource Indicators for OAuth 2.0" for details.
Using this reason will result in error=invalid_target
.
The authorization request from the client application contained
max_age
parameter with a non-zero value or the client's
configuration has a non-zero value for default_max_age
configuration parameter, but the service implementation cannot
behave properly based on the max age value mainly because the
service implementation does not manage authentication time
of end-users.
See OpenID Connect Core 1.0, 3.1.2.1. Authentication Request
for max_age
request parameter.
See OpenID Connect Dynamic Client Registration 1.0, 2. Client
Metadata
for default_max_age
configuration parameter.
Using this reason will result in error=login_required
.
The end-user was not authenticated.
Using this reason will result in error=login_required
.
The authorization request from the client application contained
prompt=none
, but any end-user has not logged in.
See OpenID Connect Core 1.0, 3.1.2.1. Authentication Request
for prompt
request parameter.
Using this reason will result in error=login_required
.