NetIQ Mobile SDK for iOS  2.0
Access Manager iOS Framework for OAuth & OIDC
OIDError.h File Reference

AppAuth iOS SDK. More...

#import <Foundation/Foundation.h>

Go to the source code of this file.

Functions

typedef NS_ENUM (NSInteger, OIDErrorCode)
 The various error codes returned from the AppAuth library. More...
 
typedef NS_ENUM (NSInteger, OIDErrorCodeOAuth)
 Enum of all possible OAuth error codes as defined by RFC6749 Used by ::OIDErrorCodeOAuthAuthorization and ::OIDErrorCodeOAuthToken which define endpoint-specific subsets of OAuth codes. Those enum types are down-castable to this one. More...
 
typedef NS_ENUM (NSInteger, OIDErrorCodeOAuthAuthorization)
 The error codes for the OIDOAuthAuthorizationErrorDomain error domain. More...
 
typedef NS_ENUM (NSInteger, OIDErrorCodeOAuthToken)
 The error codes for the OIDOAuthTokenErrorDomain error domain. More...
 
typedef NS_ENUM (NSInteger, OIDErrorCodeOAuthRegistration)
 The error codes for the OIDOAuthRegistrationErrorDomain error domain. More...
 

Variables

NS_ASSUME_NONNULL_BEGIN NSString *const OIDGeneralErrorDomain
 The error domain for all NSErrors returned from the AppAuth library.
 
NSString *const OIDOAuthAuthorizationErrorDomain
 The error domain for OAuth specific errors on the authorization endpoint. This error domain is used when the server responds to an authorization request with an explicit OAuth error, as defined by RFC6749 Section 4.1.2.1. If the authorization response is invalid and not explicitly an error response, another error domain will be used. The error response parameter dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. The will be one of the ::OIDErrorCodeOAuthAuthorization enum values. More...
 
NSString *const OIDOAuthTokenErrorDomain
 The error domain for OAuth specific errors on the token endpoint. This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined RFC6749 Section 5.2. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and either indicate a client error or require user interaction (i.e. reauthentication) to resolve. The will be one of the ::OIDErrorCodeOAuthToken enum values. More...
 
NSString *const OIDOAuthRegistrationErrorDomain
 The error domain for dynamic client registration errors. This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined in OpenID Connect Dynamic Client Registration 1.0 Section 3.3. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and indicates a client error. The will be one of the ::OIDErrorCodeOAuthToken enum values. More...
 
NSString *const OIDResourceServerAuthorizationErrorDomain
 The error domain for authorization errors encountered out of band on the resource server.
 
NSString *const OIDHTTPErrorDomain
 An error domain representing received HTTP errors.
 
NSString *const OIDOAuthErrorResponseErrorKey
 An error key for the original OAuth error response (if any).
 
NSString *const OIDOAuthErrorFieldError
 The key of the 'error' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthErrorFieldErrorDescription
 The key of the 'error_description' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthErrorFieldErrorURI
 The key of the 'error_uri' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthExceptionInvalidAuthorizationFlow
 The exception text for the exception which occurs when a OIDAuthorizationFlowSession receives a message after it has already completed.
 
NSString *const OIDOAuthExceptionUnsupportedResponseType
 Exception for unsupported response types.
 

Detailed Description

AppAuth iOS SDK.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Function Documentation

◆ NS_ENUM() [1/5]

typedef NS_ENUM ( NSInteger  ,
OIDErrorCode   
)

The various error codes returned from the AppAuth library.

Indicates a problem parsing an OpenID Connect Service Discovery document.

Indicates the user manually canceled the OAuth authorization code flow.

Indicates an OAuth authorization flow was programmatically cancelled.

Indicates a network error or server error occurred.

Indicates a server error occurred.

Indicates a problem occurred deserializing the response/JSON.

Indicates a problem occurred constructing the token response from the JSON.

UIApplication.openURL: returned NO when attempting to open the authorization request in mobile Safari.

NSWorkspace.openURL returned NO when attempting to open the authorization request in the default browser.

Indicates a problem when trying to refresh the tokens.

Indicates a problem occurred constructing the registration response from the JSON.

Indicates a problem occurred deserializing the response/JSON.

◆ NS_ENUM() [2/5]

typedef NS_ENUM ( NSInteger  ,
OIDErrorCodeOAuth   
)

Enum of all possible OAuth error codes as defined by RFC6749 Used by ::OIDErrorCodeOAuthAuthorization and ::OIDErrorCodeOAuthToken which define endpoint-specific subsets of OAuth codes. Those enum types are down-castable to this one.

See also
https://tools.ietf.org/html/rfc6749#section-11.4
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
access_denied
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
unsupported_response_type
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
server_error
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
temporarily_unavailable
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
invalid_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_grant
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
unsupported_grant_type
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_redirect_uri
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
Remarks
invalid_client_metadata
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError

An authorization error occurring on the client rather than the server. For example, due to a state mismatch or misconfiguration. Should be treated as an unrecoverable authorization error.

An OAuth error not known to this library Indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the property. Such errors are assumed to invalidate the authentication state

◆ NS_ENUM() [3/5]

typedef NS_ENUM ( NSInteger  ,
OIDErrorCodeOAuthAuthorization   
)

The error codes for the OIDOAuthAuthorizationErrorDomain error domain.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
access_denied
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
unsupported_response_type
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

Indicates a network error or server error occurred.

Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

Indicates a server error occurred.

Remarks
server_error
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Remarks
temporarily_unavailable
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

An authorization error occurring on the client rather than the server. For example, due to a state mismatch or client misconfiguration. Should be treated as an unrecoverable authorization error.

An authorization OAuth error not known to this library this indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

◆ NS_ENUM() [4/5]

typedef NS_ENUM ( NSInteger  ,
OIDErrorCodeOAuthToken   
)

The error codes for the OIDOAuthTokenErrorDomain error domain.

See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_grant
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
unsupported_grant_type
See also
https://tools.ietf.org/html/rfc6749#section-5.2
Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-5.2

An unrecoverable token error occurring on the client rather than the server.

A token endpoint OAuth error not known to this library this indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ NS_ENUM() [5/5]

typedef NS_ENUM ( NSInteger  ,
OIDErrorCodeOAuthRegistration   
)

The error codes for the OIDOAuthRegistrationErrorDomain error domain.

See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
Remarks
invalid_request
See also
http://tools.ietf.org/html/rfc6750#section-3.1
Remarks
invalid_redirect_uri
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
Remarks
invalid_client_metadata
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError

An unrecoverable token error occurring on the client rather than the server.

A registration endpoint OAuth error not known to this library this indicates an OAuth error, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-5.2

Variable Documentation

◆ OIDOAuthAuthorizationErrorDomain

NSString* const OIDOAuthAuthorizationErrorDomain

The error domain for OAuth specific errors on the authorization endpoint. This error domain is used when the server responds to an authorization request with an explicit OAuth error, as defined by RFC6749 Section 4.1.2.1. If the authorization response is invalid and not explicitly an error response, another error domain will be used. The error response parameter dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. The will be one of the ::OIDErrorCodeOAuthAuthorization enum values.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

◆ OIDOAuthErrorFieldError

NSString* const OIDOAuthErrorFieldError

The key of the 'error' response field in a RFC6749 Section 5.2 response.

Remarks
error
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthErrorFieldErrorDescription

NSString* const OIDOAuthErrorFieldErrorDescription

The key of the 'error_description' response field in a RFC6749 Section 5.2 response.

Remarks
error_description
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthErrorFieldErrorURI

NSString* const OIDOAuthErrorFieldErrorURI

The key of the 'error_uri' response field in a RFC6749 Section 5.2 response.

Remarks
error_uri
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthRegistrationErrorDomain

NSString* const OIDOAuthRegistrationErrorDomain

The error domain for dynamic client registration errors. This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined in OpenID Connect Dynamic Client Registration 1.0 Section 3.3. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and indicates a client error. The will be one of the ::OIDErrorCodeOAuthToken enum values.

See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError

◆ OIDOAuthTokenErrorDomain

NSString* const OIDOAuthTokenErrorDomain

The error domain for OAuth specific errors on the token endpoint. This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined RFC6749 Section 5.2. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and either indicate a client error or require user interaction (i.e. reauthentication) to resolve. The will be one of the ::OIDErrorCodeOAuthToken enum values.

See also
https://tools.ietf.org/html/rfc6749#section-5.2