AppAuth
Enumerations | Variables
OIDError.h File Reference

AppAuth iOS SDK. More...

#import <Foundation/Foundation.h>

Go to the source code of this file.

Enumerations

enum  OIDErrorCode {
  OIDErrorCodeInvalidDiscoveryDocument = -2, OIDErrorCodeUserCanceledAuthorizationFlow = -3, OIDErrorCodeProgramCanceledAuthorizationFlow = -4, OIDErrorCodeNetworkError = -5,
  OIDErrorCodeServerError = -6, OIDErrorCodeJSONDeserializationError = -7, OIDErrorCodeTokenResponseConstructionError = -8, OIDErrorCodeSafariOpenError = -9,
  OIDErrorCodeBrowserOpenError = -10, OIDErrorCodeTokenRefreshError = -11, OIDErrorCodeRegistrationResponseConstructionError = -12, OIDErrorCodeJSONSerializationError = -13,
  OIDErrorCodeIDTokenParsingError = -14, OIDErrorCodeIDTokenFailedValidationError = -15
}
 The various error codes returned from the AppAuth library. More...
 
enum  OIDErrorCodeOAuth {
  OIDErrorCodeOAuthInvalidRequest = -2, OIDErrorCodeOAuthUnauthorizedClient = -3, OIDErrorCodeOAuthAccessDenied = -4, OIDErrorCodeOAuthUnsupportedResponseType = -5,
  OIDErrorCodeOAuthInvalidScope = -6, OIDErrorCodeOAuthServerError = -7, OIDErrorCodeOAuthTemporarilyUnavailable = -8, OIDErrorCodeOAuthInvalidClient = -9,
  OIDErrorCodeOAuthInvalidGrant = -10, OIDErrorCodeOAuthUnsupportedGrantType = -11, OIDErrorCodeOAuthInvalidRedirectURI = -12, OIDErrorCodeOAuthInvalidClientMetadata = -13,
  OIDErrorCodeOAuthClientError = -0xEFFF, OIDErrorCodeOAuthOther = -0xF000
}
 Enum of all possible OAuth error codes as defined by RFC6749 @discussion Used by OIDErrorCodeOAuthAuthorization and OIDErrorCodeOAuthToken which define endpoint-specific subsets of OAuth codes. Those enum types are down-castable to this one. More...
 
enum  OIDErrorCodeOAuthAuthorization {
  OIDErrorCodeOAuthAuthorizationInvalidRequest = OIDErrorCodeOAuthInvalidRequest, OIDErrorCodeOAuthAuthorizationUnauthorizedClient = OIDErrorCodeOAuthUnauthorizedClient, OIDErrorCodeOAuthAuthorizationAccessDenied, OIDErrorCodeOAuthAuthorizationUnsupportedResponseType,
  OIDErrorCodeOAuthAuthorizationAuthorizationInvalidScope = OIDErrorCodeOAuthInvalidScope, OIDErrorCodeOAuthAuthorizationServerError = OIDErrorCodeOAuthServerError, OIDErrorCodeOAuthAuthorizationTemporarilyUnavailable = OIDErrorCodeOAuthTemporarilyUnavailable, OIDErrorCodeOAuthAuthorizationClientError = OIDErrorCodeOAuthClientError,
  OIDErrorCodeOAuthAuthorizationOther = OIDErrorCodeOAuthOther
}
 The error codes for the OIDOAuthAuthorizationErrorDomain error domain. More...
 
enum  OIDErrorCodeOAuthToken {
  OIDErrorCodeOAuthTokenInvalidRequest = OIDErrorCodeOAuthInvalidRequest, OIDErrorCodeOAuthTokenInvalidClient = OIDErrorCodeOAuthInvalidClient, OIDErrorCodeOAuthTokenInvalidGrant = OIDErrorCodeOAuthInvalidGrant, OIDErrorCodeOAuthTokenUnauthorizedClient = OIDErrorCodeOAuthUnauthorizedClient,
  OIDErrorCodeOAuthTokenUnsupportedGrantType = OIDErrorCodeOAuthUnsupportedGrantType, OIDErrorCodeOAuthTokenInvalidScope = OIDErrorCodeOAuthInvalidScope, OIDErrorCodeOAuthTokenClientError = OIDErrorCodeOAuthClientError, OIDErrorCodeOAuthTokenOther = OIDErrorCodeOAuthOther
}
 The error codes for the OIDOAuthTokenErrorDomain error domain. More...
 
enum  OIDErrorCodeOAuthRegistration {
  OIDErrorCodeOAuthRegistrationInvalidRequest = OIDErrorCodeOAuthInvalidRequest, OIDErrorCodeOAuthRegistrationInvalidRedirectURI = OIDErrorCodeOAuthInvalidRedirectURI, OIDErrorCodeOAuthRegistrationInvalidClientMetadata = OIDErrorCodeOAuthInvalidClientMetadata, OIDErrorCodeOAuthRegistrationClientError = OIDErrorCodeOAuthClientError,
  OIDErrorCodeOAuthRegistrationOther = OIDErrorCodeOAuthOther
}
 The error codes for the OIDOAuthRegistrationErrorDomain error domain. More...
 

Variables

NSString *const OIDGeneralErrorDomain
 The error domain for all NSErrors returned from the AppAuth library.
 
NSString *const OIDOAuthAuthorizationErrorDomain
 The error domain for OAuth specific errors on the authorization endpoint. @discussion This error domain is used when the server responds to an authorization request with an explicit OAuth error, as defined by RFC6749 Section 4.1.2.1. If the authorization response is invalid and not explicitly an error response, another error domain will be used. The error response parameter dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. The NSError.code will be one of the OIDErrorCodeOAuthAuthorization enum values. More...
 
NSString *const OIDOAuthTokenErrorDomain
 The error domain for OAuth specific errors on the token endpoint. @discussion This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined RFC6749 Section 5.2. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and either indicate a client error or require user interaction (i.e. reauthentication) to resolve. The NSError.code will be one of the OIDErrorCodeOAuthToken enum values. More...
 
NSString *const OIDOAuthRegistrationErrorDomain
 The error domain for dynamic client registration errors. @discussion This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined in OpenID Connect Dynamic Client Registration 1.0 Section 3.3. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and indicates a client error. The NSError.code will be one of the OIDErrorCodeOAuthToken enum values. More...
 
NSString *const OIDResourceServerAuthorizationErrorDomain
 The error domain for authorization errors encountered out of band on the resource server.
 
NSString *const OIDHTTPErrorDomain
 An error domain representing received HTTP errors.
 
NSString *const OIDOAuthErrorResponseErrorKey
 An error key for the original OAuth error response (if any).
 
NSString *const OIDOAuthErrorFieldError
 The key of the 'error' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthErrorFieldErrorDescription
 The key of the 'error_description' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthErrorFieldErrorURI
 The key of the 'error_uri' response field in a RFC6749 Section 5.2 response. More...
 
NSString *const OIDOAuthExceptionInvalidAuthorizationFlow
 The exception text for the exception which occurs when a OIDExternalUserAgentSession receives a message after it has already completed.
 
NSString *const OIDOAuthExceptionInvalidTokenRequestNullRedirectURL
 The text for the exception which occurs when a Token Request is constructed with a null redirectURL for a grant_type that requires a nonnull Redirect.
 

Detailed Description

AppAuth iOS SDK.

Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License.

Enumeration Type Documentation

◆ OIDErrorCode

The various error codes returned from the AppAuth library.

Enumerator
OIDErrorCodeInvalidDiscoveryDocument 

Indicates a problem parsing an OpenID Connect Service Discovery document.

OIDErrorCodeUserCanceledAuthorizationFlow 

Indicates the user manually canceled the OAuth authorization code flow.

OIDErrorCodeProgramCanceledAuthorizationFlow 

Indicates an OAuth authorization flow was programmatically cancelled.

OIDErrorCodeNetworkError 

Indicates a network error or server error occurred.

OIDErrorCodeServerError 

Indicates a server error occurred.

OIDErrorCodeJSONDeserializationError 

Indicates a problem occurred deserializing the response/JSON.

OIDErrorCodeTokenResponseConstructionError 

Indicates a problem occurred constructing the token response from the JSON.

OIDErrorCodeSafariOpenError 

UIApplication.openURL: returned NO when attempting to open the authorization request in mobile Safari.

OIDErrorCodeBrowserOpenError 

NSWorkspace.openURL returned NO when attempting to open the authorization request in the default browser.

OIDErrorCodeTokenRefreshError 

Indicates a problem when trying to refresh the tokens.

OIDErrorCodeRegistrationResponseConstructionError 

Indicates a problem occurred constructing the registration response from the JSON.

OIDErrorCodeJSONSerializationError 

Indicates a problem occurred deserializing the response/JSON.

OIDErrorCodeIDTokenParsingError 

The ID Token did not parse.

OIDErrorCodeIDTokenFailedValidationError 

The ID Token did not pass validation (e.g. issuer, audience checks).

◆ OIDErrorCodeOAuth

Enum of all possible OAuth error codes as defined by RFC6749 @discussion Used by OIDErrorCodeOAuthAuthorization and OIDErrorCodeOAuthToken which define endpoint-specific subsets of OAuth codes. Those enum types are down-castable to this one.

See also
https://tools.ietf.org/html/rfc6749#section-11.4
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
Enumerator
OIDErrorCodeOAuthInvalidRequest 
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthUnauthorizedClient 
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthAccessDenied 
Remarks
access_denied
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthUnsupportedResponseType 
Remarks
unsupported_response_type
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthInvalidScope 
Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthServerError 
Remarks
server_error
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthTemporarilyUnavailable 
Remarks
temporarily_unavailable
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthInvalidClient 
Remarks
invalid_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthInvalidGrant 
Remarks
invalid_grant
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthUnsupportedGrantType 
Remarks
unsupported_grant_type
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthInvalidRedirectURI 
Remarks
invalid_redirect_uri
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
OIDErrorCodeOAuthInvalidClientMetadata 
Remarks
invalid_client_metadata
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
OIDErrorCodeOAuthClientError 

An authorization error occurring on the client rather than the server. For example, due to a state mismatch or misconfiguration. Should be treated as an unrecoverable authorization error.

OIDErrorCodeOAuthOther 

An OAuth error not known to this library @discussion Indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the NSError.userInfo property. Such errors are assumed to invalidate the authentication state.

◆ OIDErrorCodeOAuthAuthorization

The error codes for the OIDOAuthAuthorizationErrorDomain error domain.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
Enumerator
OIDErrorCodeOAuthAuthorizationInvalidRequest 
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationUnauthorizedClient 
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationAccessDenied 
Remarks
access_denied
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationUnsupportedResponseType 
Remarks
unsupported_response_type
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationAuthorizationInvalidScope 

Indicates a network error or server error occurred.

Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationServerError 

Indicates a server error occurred.

Remarks
server_error
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationTemporarilyUnavailable 
Remarks
temporarily_unavailable
See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1
OIDErrorCodeOAuthAuthorizationClientError 

An authorization error occurring on the client rather than the server. For example, due to a state mismatch or client misconfiguration. Should be treated as an unrecoverable authorization error.

OIDErrorCodeOAuthAuthorizationOther 

An authorization OAuth error not known to this library @discussion this indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the NSError.userInfo property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

◆ OIDErrorCodeOAuthRegistration

The error codes for the OIDOAuthRegistrationErrorDomain error domain.

See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
Enumerator
OIDErrorCodeOAuthRegistrationInvalidRequest 
Remarks
invalid_request
See also
http://tools.ietf.org/html/rfc6750#section-3.1
OIDErrorCodeOAuthRegistrationInvalidRedirectURI 
Remarks
invalid_redirect_uri
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
OIDErrorCodeOAuthRegistrationInvalidClientMetadata 
Remarks
invalid_client_metadata
See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError
OIDErrorCodeOAuthRegistrationClientError 

An unrecoverable token error occurring on the client rather than the server.

OIDErrorCodeOAuthRegistrationOther 

A registration endpoint OAuth error not known to this library @discussion this indicates an OAuth error, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the NSError.userInfo property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDErrorCodeOAuthToken

The error codes for the OIDOAuthTokenErrorDomain error domain.

See also
https://tools.ietf.org/html/rfc6749#section-5.2
Enumerator
OIDErrorCodeOAuthTokenInvalidRequest 
Remarks
invalid_request
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenInvalidClient 
Remarks
invalid_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenInvalidGrant 
Remarks
invalid_grant
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenUnauthorizedClient 
Remarks
unauthorized_client
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenUnsupportedGrantType 
Remarks
unsupported_grant_type
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenInvalidScope 
Remarks
invalid_scope
See also
https://tools.ietf.org/html/rfc6749#section-5.2
OIDErrorCodeOAuthTokenClientError 

An unrecoverable token error occurring on the client rather than the server.

OIDErrorCodeOAuthTokenOther 

A token endpoint OAuth error not known to this library @discussion this indicates an OAuth error as per RFC6749, but the error code was not in our list. It could be a custom error code, or one from an OAuth extension. See the "error" key of the NSError.userInfo property. We assume such errors are not transient.

See also
https://tools.ietf.org/html/rfc6749#section-5.2

Variable Documentation

◆ OIDOAuthAuthorizationErrorDomain

NSString* const OIDOAuthAuthorizationErrorDomain

The error domain for OAuth specific errors on the authorization endpoint. @discussion This error domain is used when the server responds to an authorization request with an explicit OAuth error, as defined by RFC6749 Section 4.1.2.1. If the authorization response is invalid and not explicitly an error response, another error domain will be used. The error response parameter dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. The NSError.code will be one of the OIDErrorCodeOAuthAuthorization enum values.

See also
https://tools.ietf.org/html/rfc6749#section-4.1.2.1

◆ OIDOAuthErrorFieldError

NSString* const OIDOAuthErrorFieldError

The key of the 'error' response field in a RFC6749 Section 5.2 response.

Remarks
error
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthErrorFieldErrorDescription

NSString* const OIDOAuthErrorFieldErrorDescription

The key of the 'error_description' response field in a RFC6749 Section 5.2 response.

Remarks
error_description
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthErrorFieldErrorURI

NSString* const OIDOAuthErrorFieldErrorURI

The key of the 'error_uri' response field in a RFC6749 Section 5.2 response.

Remarks
error_uri
See also
https://tools.ietf.org/html/rfc6749#section-5.2

◆ OIDOAuthRegistrationErrorDomain

NSString* const OIDOAuthRegistrationErrorDomain

The error domain for dynamic client registration errors. @discussion This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined in OpenID Connect Dynamic Client Registration 1.0 Section 3.3. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and indicates a client error. The NSError.code will be one of the OIDErrorCodeOAuthToken enum values.

See also
https://openid.net/specs/openid-connect-registration-1_0.html#RegistrationError

◆ OIDOAuthTokenErrorDomain

NSString* const OIDOAuthTokenErrorDomain

The error domain for OAuth specific errors on the token endpoint. @discussion This error domain is used when the server responds with HTTP 400 and an OAuth error, as defined RFC6749 Section 5.2. If an HTTP 400 response does not parse as an OAuth error (i.e. no 'error' field is present or the JSON is invalid), another error domain will be used. The entire OAuth error response dictionary is available in the NSError.userInfo dictionary using the OIDOAuthErrorResponseErrorKey key. Unlike transient network errors, errors in this domain invalidate the authentication state, and either indicate a client error or require user interaction (i.e. reauthentication) to resolve. The NSError.code will be one of the OIDErrorCodeOAuthToken enum values.

See also
https://tools.ietf.org/html/rfc6749#section-5.2