Skip to content

OAuth2 Errors.

AccessDeniedError

Bases: OAuth2Error

The resource owner or authorization server denied the request.

Source code in tenduke_core/exceptions/oauth.py
29
30
31
32
class AccessDeniedError(OAuth2Error):
    """The resource owner or authorization server denied the request."""

    error = "access_denied"

AuthenticationFailed

Bases: OAuth2Error

No authorization response was received.

Source code in tenduke_core/exceptions/oauth.py
35
36
37
38
39
class AuthenticationFailed(OAuth2Error):
    """No authorization response was received."""

    error = "Authentication failed"
    description = "Failed to retrieve token using PKCE flow."

ExpiredTokenError

Bases: OAuth2Error

Device flow device_code has expired.

The "device_code" has expired, and the device authorization session has concluded. The client MAY commence a new device authorization request but SHOULD wait for user interaction before restarting to avoid unnecessary polling.

Source code in tenduke_core/exceptions/oauth.py
42
43
44
45
46
47
48
49
50
51
class ExpiredTokenError(OAuth2Error):
    """
    Device flow device_code has expired.

    The "device_code" has expired, and the device authorization session has concluded.
    The client MAY commence a new device authorization request but SHOULD wait for user
    interaction before restarting to avoid unnecessary polling.
    """

    error = "expired_token"

InsufficientScopeError

Bases: OAuth2Error

The requested scope is invalid, unknown, or malformed.

Source code in tenduke_core/exceptions/oauth.py
149
150
151
152
class InsufficientScopeError(OAuth2Error):
    """The requested scope is invalid, unknown, or malformed."""

    error = "insufficient_scope"

InvalidClientError

Bases: OAuth2Error

Client authentication failed.

Client authentication failed (e.g. unknown client, no client authentication included, or unsupported authentication method). The authorization server MAY return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. If the client attempted to authenticate via the "Authorization" request header field, the authorization server MUST respond with an HTTP 401 (Unauthorized) status code and include the "WWW-Authenticate" response header field matching the authentication scheme used by the client.

Source code in tenduke_core/exceptions/oauth.py
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
class InvalidClientError(OAuth2Error):
    """
    Client authentication failed.

    Client authentication failed (e.g. unknown client, no
    client authentication included, or unsupported
    authentication method). The authorization server MAY
    return an HTTP 401 (Unauthorized) status code to indicate
    which HTTP authentication schemes are supported.  If the
    client attempted to authenticate via the "Authorization"
    request header field, the authorization server MUST
    respond with an HTTP 401 (Unauthorized) status code and
    include the "WWW-Authenticate" response header field
    matching the authentication scheme used by the client.
    """

    error = "invalid_client"

InvalidGrantError

Bases: OAuth2Error

Authorization grant invalid.

The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

Source code in tenduke_core/exceptions/oauth.py
85
86
87
88
89
90
91
92
93
94
95
96
class InvalidGrantError(OAuth2Error):
    """
    Authorization grant invalid.

    The provided authorization grant (e.g., authorization
    code, resource owner credentials) or refresh token is
    invalid, expired, revoked, does not match the redirection
    URI used in the authorization request, or was issued to
    another client.
    """

    error = "invalid_grant"

InvalidRequestError

Bases: OAuth2Error

Request is invalid.

The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

Source code in tenduke_core/exceptions/oauth.py
54
55
56
57
58
59
60
61
62
63
class InvalidRequestError(OAuth2Error):
    """
    Request is invalid.

    The request is missing a required parameter, includes an invalid
    parameter value, includes a parameter more than once, or is
    otherwise malformed.
    """

    error = "invalid_request"

InvalidScopeError

Bases: OAuth2Error

The requested scope is invalid, unknown, or malformed.

Source code in tenduke_core/exceptions/oauth.py
117
118
119
120
class InvalidScopeError(OAuth2Error):
    """The requested scope is invalid, unknown, or malformed."""

    error = "invalid_scope"

InvalidTokenError

Bases: OAuth2Error

The access token provided is expired, revoked, malformed, or invalid for other reasons.

Source code in tenduke_core/exceptions/oauth.py
143
144
145
146
class InvalidTokenError(OAuth2Error):
    """The access token provided is expired, revoked, malformed, or invalid for other reasons."""

    error = "invalid_token"

OAuth2Error

Bases: IOError

Base exception for errors encountered during OAuth flows.

Source code in tenduke_core/exceptions/oauth.py
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
class OAuth2Error(IOError):
    """Base exception for errors encountered during OAuth flows."""

    error: str = "unknown error"
    status_code: int = 400
    description: str = ""

    def __init__(
        self, error: str | None = None, status_code: int | None = None, description: str = ""
    ):
        """Construct an OAuth2Error instance.

        Args:
            error: error code.
            status_code: HTTP Status code of error response.
            description: Textual description of the error.
        """
        if status_code is not None:
            self.status_code = status_code
        self.error = error or "unknown error"
        self.description = description

__init__(error=None, status_code=None, description='')

Construct an OAuth2Error instance.

Parameters:

Name Type Description Default
error str | None

error code.

None
status_code int | None

HTTP Status code of error response.

None
description str

Textual description of the error.

''
Source code in tenduke_core/exceptions/oauth.py
13
14
15
16
17
18
19
20
21
22
23
24
25
26
def __init__(
    self, error: str | None = None, status_code: int | None = None, description: str = ""
):
    """Construct an OAuth2Error instance.

    Args:
        error: error code.
        status_code: HTTP Status code of error response.
        description: Textual description of the error.
    """
    if status_code is not None:
        self.status_code = status_code
    self.error = error or "unknown error"
    self.description = description

ServerError

Bases: OAuth2Error

Server error.

The authorization server encountered an unexpected condition that prevented it from fulfilling the request.

Source code in tenduke_core/exceptions/oauth.py
123
124
125
126
127
128
129
130
class ServerError(OAuth2Error):
    """Server error.

    The authorization server encountered an unexpected condition that prevented
    it from fulfilling the request.
    """

    error = "server_error"

TemporarilyUnavailableError

Bases: OAuth2Error

Temporarily unavailable.

The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.

Source code in tenduke_core/exceptions/oauth.py
133
134
135
136
137
138
139
140
class TemporarilyUnavailableError(OAuth2Error):
    """Temporarily unavailable.

    The authorization server is currently unable to handle the request due to a temporary
    overloading or maintenance of the server.
    """

    error = "temporarily_unavailable"

UnauthorizedClientError

Bases: OAuth2Error

The authenticated client is not authorized to use this authorization grant type.

Source code in tenduke_core/exceptions/oauth.py
 99
100
101
102
class UnauthorizedClientError(OAuth2Error):
    """The authenticated client is not authorized to use this authorization grant type."""

    error = "unauthorized_client"

UnsupportedGrantTypeError

Bases: OAuth2Error

The authorization grant type is not supported by the authorization server.

Source code in tenduke_core/exceptions/oauth.py
105
106
107
108
class UnsupportedGrantTypeError(OAuth2Error):
    """The authorization grant type is not supported by the authorization server."""

    error = "unsupported_grant_type"

UnsupportedResponseTypeError

Bases: OAuth2Error

The requested response type is not supported by the endpoint.

Source code in tenduke_core/exceptions/oauth.py
111
112
113
114
class UnsupportedResponseTypeError(OAuth2Error):
    """The requested response type is not supported by the endpoint."""

    error = "unsupported_response_type"

raise_error_from_error_response(response)

Raise an error matching the failed response to an OAuth request.

Parameters:

Name Type Description Default
response Response

The response from the HTTP request to be mapped to an error.

required

Returns:

Type Description
OAuth2Error

OAuth2Error matching the status_code of the response object.

Source code in tenduke_core/exceptions/oauth.py
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
def raise_error_from_error_response(response: Response) -> OAuth2Error:
    """Raise an error matching the failed response to an OAuth request.

    Args:
        response: The response from the HTTP request to be mapped to an error.

    Returns:
        OAuth2Error matching the status_code of the response object.
    """
    json = response.json()
    error = json.get("error")
    error_code = json.get("error_code")
    error_description = json.get("error_description")

    if error in _error_code_map:
        raise _error_code_map[error](
            status_code=response.status_code, description=error_description
        )

    if error_code in _error_code_map:
        raise _error_code_map[error_code](
            status_code=response.status_code, description=error_description
        )

    error_to_report = error or error_code or "unkown error"
    description = error_description or "An unknown error has been encountered."
    raise OAuth2Error(
        error=error_to_report,
        status_code=response.status_code,
        description=description,
    )