Oihana PHP Enums

OAuth2Error uses ConstantsTrait

Enumeration of standard OAuth 2.0 / OIDC error codes.

Values used in the error field of an OAuth 2.0 error response (see OAuth2TokenField::ERROR) returned by the authorization endpoint (RFC 6749 §4.1.2.1) or the token endpoint (§5.2), plus the additional codes defined by OpenID Connect Core 1.0, RFC 8628 (Device Flow), RFC 8707 (Resource Indicators), and RFC 9449 (DPoP).

Some codes appear in several specifications with the same wire value (e.g. invalid_request, access_denied) and are therefore exposed only once.

Example:

$data = json_decode( $response->getBody()->getContents() , true ) ;

if ( ( $data[ OAuth2TokenField::ERROR ] ?? null ) === OAuth2Error::INVALID_GRANT )
{
    // Refresh token expired or revoked — force re-authentication.
}
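The device-flow codes (authorization_pending, slow_down, expired_token) only make sense inside a polling loop, so here is a fuller token-endpoint handler for the Device Authorization Grant (RFC 8628 §3.5). This is an added example, not code from Oihana PHP Enums; it assumes the OAuth2Error and OAuth2TokenField constants are autoloaded, and deviceFlowStep(), its return shape and the literal 'access_token' key are names chosen for this example.

```php
<?php
declare(strict_types=1);

// Added example, not part of Oihana PHP Enums. Assumes OAuth2Error and
// OAuth2TokenField are autoloaded; deviceFlowStep() and the 'action' values
// it returns are illustrative names chosen for this example.

/**
 * Decide what a device-flow client must do after one poll of the token endpoint.
 *
 * @param int    $status   HTTP status code of the token response
 * @param string $body     raw JSON body of the token response
 * @param int    $interval polling interval (seconds) currently in use
 *
 * @return array{action:string, interval:int, token?:array}
 *   action is one of 'success', 'poll', 'restart', 'abort'
 */
function deviceFlowStep( int $status , string $body , int $interval ) : array
{
    $data = json_decode( $body , true ) ;
    if ( !is_array( $data ) )
    {
        // Not JSON at all: a transport problem, stop instead of polling forever.
        return [ 'action' => 'abort' , 'interval' => $interval ] ;
    }

    $error = $data[ OAuth2TokenField::ERROR ] ?? null ;

    // RFC 6749 §5.1: a 200 without an error member is the token response.
    if ( $status === 200 && $error === null && isset( $data[ 'access_token' ] ) )
    {
        return [ 'action' => 'success' , 'interval' => $interval , 'token' => $data ] ;
    }

    // Only act on an error code that arrives with the 4xx status the spec requires
    // (400, or 401 for invalid_client); anything else is not a well-formed error response.
    if ( $status < 400 || $status > 499 || !is_string( $error ) )
    {
        return [ 'action' => 'abort' , 'interval' => $interval ] ;
    }

    return match ( $error )
    {
        // The user has not finished at the verification URI: keep polling at the same interval.
        OAuth2Error::AUTHORIZATION_PENDING => [ 'action' => 'poll' , 'interval' => $interval ] ,

        // RFC 8628 §3.5: add 5 seconds to the interval for this and every later request.
        OAuth2Error::SLOW_DOWN => [ 'action' => 'poll' , 'interval' => $interval + 5 ] ,

        // The device_code is dead: only a new device authorization request can continue.
        OAuth2Error::EXPIRED_TOKEN => [ 'action' => 'restart' , 'interval' => $interval ] ,

        // The user or the server said no: surface it, do not silently restart.
        OAuth2Error::ACCESS_DENIED => [ 'action' => 'abort' , 'interval' => $interval ] ,

        // invalid_client, invalid_grant, unsupported_grant_type, ... are client bugs or
        // configuration errors; polling again will not fix them.
        default => [ 'action' => 'abort' , 'interval' => $interval ] ,
    } ;
}

// Usage with a constructed sample response (not captured from a real server):
$step = deviceFlowStep( 400 , '{"error":"slow_down"}' , 5 ) ;
echo json_encode( $step ) , PHP_EOL ;
```

The status check matters: a redirect, a captive portal or a reverse proxy can hand back a body that happens to contain an "error" member, and a loop that reacts to the code without looking at the status will keep polling or restarting on garbage.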

References:

  • RFC 6749 §4.1.2.1 (authorization endpoint), §5.2 (token endpoint)
  • RFC 8628 §3.5 (Device Authorization Grant)
  • RFC 8707 §2 (Resource Indicators)
  • RFC 9449 §7-8 (DPoP)
  • OIDC Core 1.0 §3.1.2.6
Tags
author

Marc Alcaraz (ekameleon)

since
1.1.0

Table of Contents

Constants

ACCESS_DENIED  : string = 'access_denied'
`access_denied` — The resource owner or authorization server denied the request.
ACCOUNT_SELECTION_REQUIRED  : string = 'account_selection_required'
`account_selection_required` — The end-user is required to select a session at the authorization server.
AUTHORIZATION_PENDING  : string = 'authorization_pending'
`authorization_pending` — The user has not yet completed the authorization step at the verification URI. The client should continue polling using the same `interval`.
CONSENT_REQUIRED  : string = 'consent_required'
`consent_required` — The authorization server requires end-user consent. Returned when `prompt=none` was used but consent is needed.
EXPIRED_TOKEN  : string = 'expired_token'
`expired_token` — The `device_code` has expired and the device authorization session has concluded. The client MAY commence a new device authorization request.
INTERACTION_REQUIRED  : string = 'interaction_required'
`interaction_required` — The authorization server requires end-user interaction of some form to proceed. Returned when `prompt=none` was used but user interaction is needed.
INVALID_CLIENT  : string = 'invalid_client'
`invalid_client` — Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method).
INVALID_DPOP_PROOF  : string = 'invalid_dpop_proof'
`invalid_dpop_proof` — The DPoP proof JWT supplied by the client is invalid (signature, claims, binding...).
INVALID_GRANT  : string = 'invalid_grant'
`invalid_grant` — The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
INVALID_REQUEST  : string = 'invalid_request'
`invalid_request` — The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.
INVALID_REQUEST_OBJECT  : string = 'invalid_request_object'
`invalid_request_object` — The request parameter contains an invalid Request Object.
INVALID_REQUEST_URI  : string = 'invalid_request_uri'
`invalid_request_uri` — The `request_uri` in the authorization request returns an error or contains invalid data.
INVALID_SCOPE  : string = 'invalid_scope'
`invalid_scope` — The requested scope is invalid, unknown, or malformed.
INVALID_TARGET  : string = 'invalid_target'
`invalid_target` — The requested resource is invalid, missing, unknown, or malformed.
LOGIN_REQUIRED  : string = 'login_required'
`login_required` — The authorization server requires end-user authentication. Returned when `prompt=none` was used but no end-user is currently authenticated.
REGISTRATION_NOT_SUPPORTED  : string = 'registration_not_supported'
`registration_not_supported` — The authorization server does not support use of the `registration` parameter.
REQUEST_NOT_SUPPORTED  : string = 'request_not_supported'
`request_not_supported` — The authorization server does not support use of the `request` parameter.
REQUEST_URI_NOT_SUPPORTED  : string = 'request_uri_not_supported'
`request_uri_not_supported` — The authorization server does not support use of the `request_uri` parameter.
SERVER_ERROR  : string = 'server_error'
`server_error` — The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
SLOW_DOWN  : string = 'slow_down'
`slow_down` — Polling is happening too frequently. The client MUST increase its polling interval by 5 seconds.
TEMPORARILY_UNAVAILABLE  : string = 'temporarily_unavailable'
`temporarily_unavailable` — The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
UNAUTHORIZED_CLIENT  : string = 'unauthorized_client'
`unauthorized_client` — At the authorization endpoint: the client is not authorized to request an authorization code (or token) using this method. At the token endpoint: the authenticated client is not authorized to use this authorization grant type.
UNSUPPORTED_GRANT_TYPE  : string = 'unsupported_grant_type'
`unsupported_grant_type` — The authorization grant type is not supported by the authorization server.
UNSUPPORTED_RESPONSE_TYPE  : string = 'unsupported_response_type'
`unsupported_response_type` — The authorization server does not support obtaining an authorization code using this method.
USE_DPOP_NONCE  : string = 'use_dpop_nonce'
`use_dpop_nonce` — The authorization server (or resource server) requires the client to include a fresh server-issued `nonce` in its DPoP proof.

Constants

ACCESS_DENIED

`access_denied` — The resource owner or authorization server denied the request.

public string ACCESS_DENIED = 'access_denied'

ACCOUNT_SELECTION_REQUIRED

`account_selection_required` — The end-user is required to select a session at the authorization server.

public string ACCOUNT_SELECTION_REQUIRED = 'account_selection_required'

AUTHORIZATION_PENDING

`authorization_pending` — The user has not yet completed the authorization step at the verification URI. The client should continue polling using the same `interval`.

public string AUTHORIZATION_PENDING = 'authorization_pending'

CONSENT_REQUIRED

`consent_required` — The authorization server requires end-user consent. Returned when `prompt=none` was used but consent is needed.

public string CONSENT_REQUIRED = 'consent_required'

EXPIRED_TOKEN

`expired_token` — The `device_code` has expired and the device authorization session has concluded. The client MAY commence a new device authorization request.

public string EXPIRED_TOKEN = 'expired_token'

INTERACTION_REQUIRED

`interaction_required` — The authorization server requires end-user interaction of some form to proceed. Returned when `prompt=none` was used but user interaction is needed.

public string INTERACTION_REQUIRED = 'interaction_required'

INVALID_CLIENT

`invalid_client` — Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). Per RFC 6749 §5.2 the token endpoint MAY return this with HTTP 401 and a `WWW-Authenticate` header instead of 400, so clients must accept both statuses for this code.

public string INVALID_CLIENT = 'invalid_client'

INVALID_DPOP_PROOF

`invalid_dpop_proof` — The DPoP proof JWT supplied by the client is invalid (signature, claims, binding...).

public string INVALID_DPOP_PROOF = 'invalid_dpop_proof'

INVALID_GRANT

`invalid_grant` — The provided authorization grant (e.g. authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

public string INVALID_GRANT = 'invalid_grant'

INVALID_REQUEST

`invalid_request` — The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

public string INVALID_REQUEST = 'invalid_request'

Defined by RFC 6749 §4.1.2.1 (authorization endpoint) and §5.2 (token endpoint). Also re-used by OIDC and most OAuth extensions.

INVALID_REQUEST_OBJECT

`invalid_request_object` — The request parameter contains an invalid Request Object.

public string INVALID_REQUEST_OBJECT = 'invalid_request_object'

INVALID_REQUEST_URI

`invalid_request_uri` — The `request_uri` in the authorization request returns an error or contains invalid data.

public string INVALID_REQUEST_URI = 'invalid_request_uri'

INVALID_SCOPE

`invalid_scope` — The requested scope is invalid, unknown, or malformed.

public string INVALID_SCOPE = 'invalid_scope'

INVALID_TARGET

`invalid_target` — The requested resource is invalid, missing, unknown, or malformed.

public string INVALID_TARGET = 'invalid_target'

LOGIN_REQUIRED

`login_required` — The authorization server requires end-user authentication. Returned when `prompt=none` was used but no end-user is currently authenticated.

public string LOGIN_REQUIRED = 'login_required'
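The four OIDC `prompt=none` codes (interaction_required, login_required, consent_required, account_selection_required) all tell the client the same thing: repeat the request and let the user act. The redirect handler below shows that fallback together with the check that has to come first. It is an added example, not code from Oihana PHP Enums; it assumes OAuth2Error and OAuth2TokenField are autoloaded, and handleSilentAuthCallback(), $expectedState, the 'next' values and the literal 'state' and 'code' keys are names chosen for this example.

```php
<?php
declare(strict_types=1);

// Added example, not part of Oihana PHP Enums. Assumes OAuth2Error and
// OAuth2TokenField are autoloaded; handleSilentAuthCallback() and its
// 'next' values are illustrative names chosen for this example.

/**
 * Classify the redirect back from the authorization endpoint after a
 * prompt=none request (OIDC Core 1.0 §3.1.2.6, RFC 6749 §4.1.2.1).
 *
 * @param array<string,string> $query         parsed query (or fragment) parameters of the redirect URI
 * @param string               $expectedState the state value this client stored when it started the request
 *
 * @return array{next:string, code?:string, error?:string}
 *   next is one of 'exchange_code', 'retry_interactive', 'fail', 'ignore'
 */
function handleSilentAuthCallback( array $query , string $expectedState ) : array
{
    // Check state before looking at code or error. An error response in a redirect
    // is just a URL: anyone can send the browser to the callback with
    // error=access_denied or a forged code. Compare in constant time.
    $state = $query[ 'state' ] ?? '' ;
    if ( $state === '' || !hash_equals( $expectedState , $state ) )
    {
        return [ 'next' => 'ignore' ] ;
    }

    if ( isset( $query[ OAuth2TokenField::ERROR ] ) )
    {
        $error = $query[ OAuth2TokenField::ERROR ] ;

        // These four codes mean "prompt=none could not be satisfied": repeat the
        // request without prompt=none so the user can log in, consent or pick an account.
        $needsUser =
        [
            OAuth2Error::INTERACTION_REQUIRED ,
            OAuth2Error::LOGIN_REQUIRED ,
            OAuth2Error::CONSENT_REQUIRED ,
            OAuth2Error::ACCOUNT_SELECTION_REQUIRED ,
        ] ;

        if ( in_array( $error , $needsUser , true ) )
        {
            return [ 'next' => 'retry_interactive' , 'error' => $error ] ;
        }

        // access_denied, invalid_scope, unauthorized_client, server_error, ... will not be
        // fixed by asking again. Any error_description that came with it is attacker-controlled
        // text on the redirect: log it, never render it unescaped.
        return [ 'next' => 'fail' , 'error' => $error ] ;
    }

    if ( isset( $query[ 'code' ] ) && $query[ 'code' ] !== '' )
    {
        return [ 'next' => 'exchange_code' , 'code' => $query[ 'code' ] ] ;
    }

    // Neither code nor error: a malformed response.
    return [ 'next' => 'fail' , 'error' => OAuth2Error::INVALID_REQUEST ] ;
}

// Usage with a constructed callback URL (not captured from a real provider):
parse_str( (string) parse_url( 'https://app.example/cb?error=login_required&state=abc123' , PHP_URL_QUERY ) , $params ) ;
$decision = handleSilentAuthCallback( $params , 'abc123' ) ;
echo json_encode( $decision ) , PHP_EOL ;
```

Returning 'ignore' rather than 'fail' on a state mismatch is deliberate: a forged redirect should not be able to log the user out, clear a session or trigger an interactive re-login on its own.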

REGISTRATION_NOT_SUPPORTED

`registration_not_supported` — The authorization server does not support use of the `registration` parameter.

public string REGISTRATION_NOT_SUPPORTED = 'registration_not_supported'

REQUEST_NOT_SUPPORTED

`request_not_supported` — The authorization server does not support use of the `request` parameter.

public string REQUEST_NOT_SUPPORTED = 'request_not_supported'

REQUEST_URI_NOT_SUPPORTED

`request_uri_not_supported` — The authorization server does not support use of the `request_uri` parameter.

public string REQUEST_URI_NOT_SUPPORTED = 'request_uri_not_supported'

SERVER_ERROR

`server_error` — The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

public string SERVER_ERROR = 'server_error'

Used because a 500 HTTP status code cannot be returned to the client via an HTTP redirect.

SLOW_DOWN

`slow_down` — Polling is happening too frequently. The client MUST increase its polling interval by 5 seconds.

public string SLOW_DOWN = 'slow_down'

TEMPORARILY_UNAVAILABLE

`temporarily_unavailable` — The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.

public string TEMPORARILY_UNAVAILABLE = 'temporarily_unavailable'

UNAUTHORIZED_CLIENT

`unauthorized_client` — At the authorization endpoint: the client is not authorized to request an authorization code (or token) using this method. At the token endpoint: the authenticated client is not authorized to use this authorization grant type.

public string UNAUTHORIZED_CLIENT = 'unauthorized_client'

UNSUPPORTED_GRANT_TYPE

`unsupported_grant_type` — The authorization grant type is not supported by the authorization server.

public string UNSUPPORTED_GRANT_TYPE = 'unsupported_grant_type'

UNSUPPORTED_RESPONSE_TYPE

`unsupported_response_type` — The authorization server does not support obtaining an authorization code using this method.

public string UNSUPPORTED_RESPONSE_TYPE = 'unsupported_response_type'

USE_DPOP_NONCE

`use_dpop_nonce` — The authorization server (or resource server) requires the client to include a fresh server-issued `nonce` in its DPoP proof.

public string USE_DPOP_NONCE = 'use_dpop_nonce'
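The two DPoP codes above are handled very differently by a client: use_dpop_nonce is a request to resend with the server-issued nonce, while invalid_dpop_proof is a client bug that retrying will not fix. The following shows a token request that builds a real ES256 DPoP proof (RFC 9449 §4) and retries exactly once on use_dpop_nonce (§8). It is an added example, not code from Oihana PHP Enums; it assumes OAuth2Error and OAuth2TokenField are autoloaded and the openssl extension is available. The $send transport closure, dpopProof(), tokenRequestWithDpop() and the offline stand-in server are names and constructs chosen for this example.

```php
<?php
declare(strict_types=1);

// Added example, not part of Oihana PHP Enums. Assumes OAuth2Error and
// OAuth2TokenField are autoloaded and ext-openssl is present; all function
// names below are illustrative names chosen for this example.

function b64url( string $bytes ) : string
{
    return rtrim( strtr( base64_encode( $bytes ) , '+/' , '-_' ) , '=' ) ;
}

/** Convert OpenSSL's DER ECDSA signature (SEQUENCE of two INTEGERs) to the raw R||S form JWS requires. */
function ecdsaDerToRaw( string $der , int $size = 32 ) : string
{
    $offset = 2 ;            // skip 0x30 <len>; len < 128 for P-256, so a single length byte
    $raw    = '' ;
    for ( $i = 0 ; $i < 2 ; $i++ )
    {
        $offset++ ;          // 0x02 INTEGER tag
        $len     = ord( $der[ $offset++ ] ) ;
        $int     = ltrim( substr( $der , $offset , $len ) , "\x00" ) ; // drop sign-padding byte
        $offset += $len ;
        $raw    .= str_pad( $int , $size , "\x00" , STR_PAD_LEFT ) ;
    }
    return $raw ;
}

/** Build a DPoP proof JWT signed with ES256; $nonce is the server-issued value once one has been received. */
function dpopProof( OpenSSLAsymmetricKey $key , string $htm , string $htu , ?string $nonce ) : string
{
    $ec  = openssl_pkey_get_details( $key )[ 'ec' ] ;
    $jwk = [ 'kty' => 'EC' , 'crv' => 'P-256' , 'x' => b64url( $ec[ 'x' ] ) , 'y' => b64url( $ec[ 'y' ] ) ] ; // public part only, never 'd'

    $header = [ 'typ' => 'dpop+jwt' , 'alg' => 'ES256' , 'jwk' => $jwk ] ;
    $claims = [ 'jti' => b64url( random_bytes( 16 ) ) , 'htm' => $htm , 'htu' => $htu , 'iat' => time() ] ;
    if ( $nonce !== null )
    {
        $claims[ 'nonce' ] = $nonce ;
    }

    $input = b64url( json_encode( $header ) ) . '.' . b64url( json_encode( $claims ) ) ;
    openssl_sign( $input , $der , $key , OPENSSL_ALGO_SHA256 ) ;
    return $input . '.' . b64url( ecdsaDerToRaw( $der ) ) ;
}

/**
 * POST to the token endpoint with a DPoP proof, resending once with the nonce when the
 * server answers use_dpop_nonce. $send($url, $headers, $form) is the caller's HTTP transport
 * and must return [int $status, array $headers, string $body] with header names as sent by the server.
 */
function tokenRequestWithDpop( callable $send , OpenSSLAsymmetricKey $key , string $tokenUrl , array $form ) : array
{
    $proof = dpopProof( $key , 'POST' , $tokenUrl , null ) ;
    [ $status , $headers , $body ] = $send( $tokenUrl , [ 'DPoP' => $proof ] , $form ) ;
    $data  = json_decode( $body , true ) ?: [] ;

    // Fresh nonce demanded: take it from the DPoP-Nonce header and resend once with a new proof (new jti).
    if ( ( $data[ OAuth2TokenField::ERROR ] ?? null ) === OAuth2Error::USE_DPOP_NONCE && isset( $headers[ 'DPoP-Nonce' ] ) )
    {
        $proof = dpopProof( $key , 'POST' , $tokenUrl , $headers[ 'DPoP-Nonce' ] ) ;
        [ $status , $headers , $body ] = $send( $tokenUrl , [ 'DPoP' => $proof ] , $form ) ;
        $data = json_decode( $body , true ) ?: [] ;
    }

    // A second use_dpop_nonce, or invalid_dpop_proof (bad signature, claims or binding),
    // is returned to the caller unchanged: looping on it would only hide a client bug.
    return [ 'status' => $status , 'data' => $data ] ;
}

// Constructed stand-in for the token endpoint so the example runs offline. It only
// inspects the nonce claim; a real server also verifies the signature, htm, htu, iat and jti.
$fakeSend = function ( string $url , array $headers , array $form ) : array
{
    $claims = json_decode( base64_decode( strtr( explode( '.' , $headers[ 'DPoP' ] )[ 1 ] , '-_' , '+/' ) ) , true ) ;
    if ( ( $claims[ 'nonce' ] ?? null ) !== 'n-0S6_WzA2Mj' )
    {
        return [ 400 , [ 'DPoP-Nonce' => 'n-0S6_WzA2Mj' ] , '{"error":"use_dpop_nonce"}' ] ;
    }
    return [ 200 , [] , '{"access_token":"constructed","token_type":"DPoP","expires_in":3600}' ] ;
} ;

$key    = openssl_pkey_new( [ 'private_key_type' => OPENSSL_KEYTYPE_EC , 'curve_name' => 'prime256v1' ] ) ;
$result = tokenRequestWithDpop( $fakeSend , $key , 'https://as.example/token' , [ 'grant_type' => 'client_credentials' ] ) ;
echo json_encode( $result ) , PHP_EOL ;
```

The nonce is taken only from the DPoP-Nonce response header, never from the JSON body, and the retry is a fresh proof rather than the old one with a claim patched in, since the server may reject a reused jti. HTTP header names are case-insensitive, so a transport that lowercases them needs the lookup adjusted.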