AshAuthentication.
Copy Markdown
View Source
HTTP error response helpers for OAuth 2.1 / RFC 7591.
Summary
Functions
Translate a :reason atom returned from a core module into an
{http_status, error_code, description} triple suitable for an OAuth
error response.
Send a Bearer-auth error per RFC 6750 §3 — JSON body + a
WWW-Authenticate: Bearer error="…", error_description="…" header.
Send a 400 with an RFC 7591 DCR-shaped error.
Send a JSON error per OAuth 2.0 / RFC 6749 §5.2.
Functions
@spec describe_token_error(atom()) :: {pos_integer(), String.t(), String.t()}
Translate a :reason atom returned from a core module into an
{http_status, error_code, description} triple suitable for an OAuth
error response.
@spec send_bearer_error(Plug.Conn.t(), pos_integer(), String.t(), String.t() | nil) :: Plug.Conn.t()
Send a Bearer-auth error per RFC 6750 §3 — JSON body + a
WWW-Authenticate: Bearer error="…", error_description="…" header.
Used for failures of Bearer-authenticated endpoints (e.g. RFC 7591
initial-access-token failures on /oauth/register).
Send a 400 with an RFC 7591 DCR-shaped error.
Codes: "invalid_redirect_uri", "invalid_client_metadata".
@spec send_oauth_error(Plug.Conn.t(), pos_integer(), String.t(), String.t() | nil) :: Plug.Conn.t()
Send a JSON error per OAuth 2.0 / RFC 6749 §5.2.
Codes: "invalid_request", "invalid_client", "invalid_grant",
"unsupported_grant_type", "invalid_scope", etc.