aspnetcore/src/Service.Core/ProtocolErrorProvider.cs

// Copyright (c) .NET Foundation. All rights reserved.
// Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.

using System;
using Microsoft.IdentityModel.Protocols.OpenIdConnect;

namespace Microsoft.AspNetCore.Identity.Service
{
    public class ProtocolErrorProvider
    {
        public virtual OpenIdConnectMessage InvalidRedirectUri(string redirectUri)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The redirect uri '{redirectUri}' is not registered.");
        }

        public virtual OpenIdConnectMessage InvalidLogoutRedirectUri(string logoutUri)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The logout redirect uri '{logoutUri}' is not registered.");
        }

        public virtual OpenIdConnectMessage InvalidGrantType(string grantType)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The grant type '{grantType}' is not a valid grant type.");
        }

        public virtual OpenIdConnectMessage InvalidClientId(string clientId)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The client id '{clientId}' is not associated with any application.");
        }

        public virtual OpenIdConnectMessage InvalidAuthorizationCode()
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The authorization code presented is not valid or has expired.");
        }

        public virtual OpenIdConnectMessage TooManyParameters(string parameterName)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The parameter '{parameterName}' must be unique.");
        }

        public virtual OpenIdConnectMessage MissingPolicy()
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The 'p' parameter is missing.");
        }

        public virtual OpenIdConnectMessage MissingRequiredParameter(string parameterName)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The request is missing the required parameter {parameterName}.");
        }

        public virtual OpenIdConnectMessage InvalidParameterValue(string value, string parameterName)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"{value} is not a valid value for the parameter {parameterName}.");
        }

        public virtual OpenIdConnectMessage RequiresLogin()
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The request requires the user to explicitly login.");
        }

        public virtual OpenIdConnectMessage MissingOpenIdScope()
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The request is missing the required value 'openid' on the 'scope' parameter.");
        }

        public virtual OpenIdConnectMessage ResponseTypeNoneNotAllowed()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The parameter {OpenIdConnectParameterNames.ResponseType} must not contain any other value when the value 'none' is used.");
        }

        public virtual OpenIdConnectMessage InvalidLifetime()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The token is not yet active or it has expired.");
        }

        public virtual OpenIdConnectMessage InvalidCodeVerifier()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The code_verifier is missing or invalid.");
        }

        public virtual OpenIdConnectMessage MultipleResourcesNotSupported(string resourceName, string name)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"Can't get an access token for multiple resources '{resourceName}','{name}'.");
        }

        public virtual OpenIdConnectMessage InvalidGrant()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                "The given grant is not valid.");
        }

        public virtual OpenIdConnectMessage InvalidResponseTypeModeCombination(string responseType, string responseMode)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The value '{responseMode}' for the '{OpenIdConnectParameterNames.ResponseMode}' " +
                $"parameter is not compatible with the value '{responseMode}' for the '{OpenIdConnectParameterNames.ResponseType}' parameter.");
        }

        public virtual OpenIdConnectMessage InvalidClientCredentials()
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, "Invalid client credentials.");
        }

        public virtual OpenIdConnectMessage MismatchedRedirectUrl(string redirectUri)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The uri '{redirectUri}' must match the uri used during authorization.");
        }

        public virtual OpenIdConnectMessage InvalidScope(string scope)
        {
            return CreateError(IdentityServiceErrorCodes.InvalidRequest, $"The scope '{scope}' is not valid.");
        }

        public virtual OpenIdConnectMessage UnauthorizedScope()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                "One or more scopes on the request are not allowed by the given grant.");
        }

        public virtual OpenIdConnectMessage InvalidUriFormat(string redirectUri)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"'{redirectUri}' must be an absolute uri without a fragment");
        }

        public virtual OpenIdConnectMessage InvalidPromptValue(string promptValue)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The prompt value '{promptValue}' is not valid.");
        }

        public virtual OpenIdConnectMessage PromptNoneMustBeTheOnlyValue(string promptValue)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The prompt value 'none' can't be used in conjunction with other prompt values '{promptValue}'");
        }

        public virtual OpenIdConnectMessage InvalidCodeChallengeMethod(string challengeMethod)
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The code challenge method '{challengeMethod ?? "plain"}' is invalid. Only S256 is supported.");
        }

        public virtual OpenIdConnectMessage InvalidCodeChallenge()
        {
            return CreateError(
                IdentityServiceErrorCodes.InvalidRequest,
                $"The provided code challenge must be 43 characters long.");
        }

        private OpenIdConnectMessage CreateError(string code, string description, string uri = null) =>
            new OpenIdConnectMessage
            {
                Error = code,
                ErrorDescription = description,
                ErrorUri = uri
            };
    }
}