
tessl/pypi-oauthlib

A comprehensive Python library for implementing OAuth 1.0 and OAuth 2.0 authentication protocols


Error Handling

Comprehensive exception hierarchy for OAuth 1.0, OAuth 2.0, and OpenID Connect errors. Provides specific error types for different failure scenarios with proper HTTP status codes and error responses.

Capabilities

OAuth 2.0 Base Exception

Base exception class for all OAuth 2.0 errors with standardized error response formatting.

class OAuth2Error(Exception):
    """Base OAuth 2.0 exception.

    Every OAuth 2.0 and OpenID Connect error class listed on this page
    derives from this class, so ``except OAuth2Error`` catches all of them.
    The properties below expose the error in the forms a server needs to
    answer the client (key/value pairs, form encoding, JSON, HTTP headers).
    """
    # OAuth 2.0 error code; each subclass on this page pins it to a fixed
    # string such as "invalid_client".
    error: str | None
    # HTTP status for the error response. ServerError and
    # TemporarilyUnavailableError on this page override it with 500 and 503.
    status_code: int
    # Human-readable text. The usage example on this page returns it to the
    # caller as ``error_description``, so keep internal detail (stack traces,
    # query text, secrets) out of it.
    description: str
    # Optional URI for the error; presumably a page describing it -- confirm.
    uri: str | None
    # Presumably the client's ``state`` value echoed back -- TODO confirm.
    state: str | None
    # NOTE(review): appears to be taken from the incoming request (see the
    # ``request`` constructor argument) -- confirm. If so, it is
    # attacker-influenced until it has been validated against the client's
    # registered redirect URIs.
    redirect_uri: str | None
    # The remaining fields look like request context; presumably they are
    # populated from ``request`` when one is passed -- TODO confirm.
    client_id: str | None
    scopes: list[str]
    response_type: str | None
    response_mode: str | None
    grant_type: str | None
    
    # All arguments are optional. ``request`` is untyped on this page;
    # presumably it is the oauthlib request being processed -- confirm.
    def __init__(
        self,
        description: str | None = None,
        uri: str | None = None,
        state: str | None = None,
        status_code: int | None = None,
        request=None,
    ) -> None: ...
    
    def in_uri(self, uri: str) -> str:
        """Format error for URI fragment or query.

        Takes the base ``uri`` and returns a string carrying the error.
        Pass only a redirect URI that has already been validated for the
        client: the usage example on this page feeds ``self.redirect_uri``
        into this method and then redirects the browser to the result.
        """
    
    @property
    def twotuples(self) -> list[tuple[str, str]]:
        """Error as list of key-value tuples."""
    
    @property
    def urlencoded(self) -> str:
        """Error as URL-encoded string."""
    
    @property
    def json(self) -> str:
        """Error as JSON string.

        The usage examples on this page send this value as the response body.
        """
    
    @property
    def headers(self) -> dict[str, str]:
        """HTTP headers for error response.

        NOTE(review): upstream oauthlib is understood to emit a
        ``WWW-Authenticate`` header here for 401 responses -- verify against
        the installed release. No header contents are shown on this page.
        """

Client Errors

Errors related to client configuration and authentication.

class InvalidClientError(OAuth2Error):
    """Invalid client credentials.

    Maps to the ``invalid_client`` code of RFC 6749 section 5.2 (client
    authentication failed). Keep the response identical whether the client
    identifier or the secret was wrong, so the endpoint cannot be used to
    enumerate registered clients.
    """
    # NOTE(review): upstream oauthlib is understood to pair this error with
    # HTTP 401; no status code is shown on this page -- verify.
    error: str = "invalid_client"

class InvalidClientIdError(OAuth2Error):
    """Invalid client identifier.

    When the client identifier cannot be trusted, the redirect URI supplied
    with the request cannot be trusted either: RFC 6749 section 4.1.2.1
    requires the authorization server to inform the resource owner directly
    and not redirect.
    """
    # NOTE(review): upstream oauthlib is understood to derive this class from
    # FatalClientError and to report "invalid_request"; this page lists
    # OAuth2Error and "invalid_client" -- verify against the installed release.
    error: str = "invalid_client"

class MissingClientIdError(OAuth2Error):
    """Client identifier is missing.

    Without a client identifier there is no registration to validate the
    redirect URI against, so this error must be shown to the user directly
    rather than redirected (RFC 6749 section 4.1.2.1).
    """
    # NOTE(review): upstream oauthlib is understood to derive this class from
    # FatalClientError -- verify against the installed release.
    error: str = "invalid_request"

class UnauthorizedClientError(OAuth2Error):
    """Client not authorized for this grant type.

    The client authenticated (or was identified) correctly but its
    registration does not allow what it asked for; serialised with the
    ``unauthorized_client`` code.
    """
    error: str = "unauthorized_client"

Request Errors

Errors in request format and parameters.

class InvalidRequestError(OAuth2Error):
    """Invalid request format or parameters.

    Generic ``invalid_request`` error. Several more specific classes on this
    page carry the same code, so match on the exception class rather than on
    the ``error`` string when the cause matters.
    """
    error: str = "invalid_request"

class MissingResponseTypeError(OAuth2Error):
    """Missing response_type parameter.

    Reported to the client with the ``invalid_request`` code.
    """
    error: str = "invalid_request"

class UnsupportedResponseTypeError(OAuth2Error):
    """Unsupported response_type.

    The requested ``response_type`` is not one the authorization server
    offers; serialised with the ``unsupported_response_type`` code.
    """
    error: str = "unsupported_response_type"

class MissingCodeError(OAuth2Error):
    """Missing authorization code."""
    # NOTE(review): upstream oauthlib is understood to use its own
    # "missing_code" string here rather than "invalid_request" -- verify
    # against the installed release before matching on this value.
    error: str = "invalid_request"

class InvalidGrantError(OAuth2Error):
    """Invalid authorization grant.

    ``invalid_grant`` in RFC 6749 section 5.2 covers an authorization code or
    refresh token that is invalid, expired, revoked, or was issued to another
    client. Return the same response for each cause so the endpoint does not
    reveal which check failed; record the specific cause server-side only.
    """
    error: str = "invalid_grant"

class UnsupportedGrantTypeError(OAuth2Error):
    """Unsupported grant_type.

    The token endpoint does not implement the requested ``grant_type``;
    serialised with the ``unsupported_grant_type`` code.
    """
    error: str = "unsupported_grant_type"

Authorization Errors

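Errors raised during the authorization flow. Redirect-URI failures must be shown to the user directly rather than sent back through a redirect, because the redirect target is exactly what failed validation.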

class AccessDeniedError(OAuth2Error):
    """Authorization denied by user.

    Serialised with the ``access_denied`` code. The usage example on this
    page logs it as a user action rather than as a security event.
    """
    error: str = "access_denied"

class InvalidRedirectURIError(OAuth2Error):
    """Invalid redirect URI.

    The redirect URI supplied with the request failed validation, so it must
    not be used as a redirect target: render the error to the user directly
    (RFC 6749 section 4.1.2.1). Handlers that redirect whenever
    ``redirect_uri`` is set need to exclude this error first.
    """
    # NOTE(review): upstream oauthlib is understood to derive this class from
    # FatalClientError -- verify against the installed release.
    error: str = "invalid_request"

class MismatchingRedirectURIError(OAuth2Error):
    """Redirect URI doesn't match registered URI.

    The request named a redirect URI other than the one registered for the
    client, so the supplied value must not be used as a redirect target:
    render the error to the user directly (RFC 6749 section 4.1.2.1).
    """
    # NOTE(review): upstream oauthlib is understood to derive this class from
    # FatalClientError and to report "invalid_request" rather than
    # "invalid_grant" -- verify against the installed release.
    error: str = "invalid_grant"

class MismatchingStateError(OAuth2Error):
    """State parameter mismatch.

    The ``state`` value in the response is not the one that was sent with the
    request. ``state`` is the CSRF protection of the authorization flow, so
    abandon the flow and discard any authorization code that arrived with
    the response instead of retrying with it.
    """
    # NOTE(review): upstream oauthlib is understood to use its own
    # "mismatching_state" string here -- verify against the installed release
    # before matching on this value.
    error: str = "invalid_request"

Scope Errors

Errors related to scope validation and authorization.

class InvalidScopeError(OAuth2Error):
    """Invalid scope parameter.

    The requested scope is invalid, unknown, malformed, or broader than the
    client may ask for; serialised with the ``invalid_scope`` code.
    """
    error: str = "invalid_scope"

class InsufficientScopeError(OAuth2Error):
    """Insufficient scope for resource access.

    The token is valid but was not granted the scope the resource requires
    (``insufficient_scope``, RFC 6750 section 3.1).
    """
    # NOTE(review): RFC 6750 pairs this code with HTTP 403; no status code is
    # shown on this page -- verify what the installed release sends.
    error: str = "insufficient_scope"

Token Errors

Errors related to token validation and management.

class InvalidTokenError(OAuth2Error):
    """Invalid access token.

    ``invalid_token`` in RFC 6750 section 3.1 covers a token that is expired,
    revoked, malformed, or otherwise invalid. Do not tell the caller which of
    these applied.
    """
    # NOTE(review): RFC 6750 pairs this code with HTTP 401; no status code is
    # shown on this page -- verify what the installed release sends.
    error: str = "invalid_token"

class TokenExpiredError(OAuth2Error):
    """Access token expired."""
    # NOTE(review): upstream oauthlib is understood to use its own
    # "token_expired" string here and to raise this on the client side
    # before a request is sent -- verify against the installed release.
    error: str = "invalid_token"

class MissingTokenError(OAuth2Error):
    """Missing access token."""
    # NOTE(review): upstream oauthlib is understood to use its own
    # "missing_token" string here -- verify against the installed release
    # before matching on this value.
    error: str = "invalid_request"

class UnsupportedTokenTypeError(OAuth2Error):
    """Unsupported token type.

    Serialised with the ``unsupported_token_type`` code, which RFC 7009
    defines for a revocation endpoint that cannot revoke the presented kind
    of token.
    """
    error: str = "unsupported_token_type"

Server Errors

Server-side errors and service availability issues.

class ServerError(OAuth2Error):
    """Internal server error.

    Use this to report an unexpected failure without exposing it: log the
    underlying exception server-side and keep ``description`` generic, since
    the serialised error is returned to the client.
    """
    error: str = "server_error"
    # Overrides the base status code with HTTP 500.
    status_code: int = 500

class TemporarilyUnavailableError(OAuth2Error):
    """Service temporarily unavailable.

    Signals overload or maintenance with the ``temporarily_unavailable``
    code.
    """
    error: str = "temporarily_unavailable"
    # Overrides the base status code with HTTP 503.
    status_code: int = 503

Security Errors

Security-related errors and policy violations.

class InsecureTransportError(OAuth2Error):
    """HTTPS required.

    Raised when OAuth 2.0 traffic would travel without TLS. oauthlib can be
    told to skip this check through the ``OAUTHLIB_INSECURE_TRANSPORT``
    environment variable; that switch is for local development only, and a
    deployment check that it is unset in production is worth having.
    """
    # NOTE(review): upstream oauthlib is understood to report
    # "insecure_transport" with a different description text -- verify
    # against the installed release before matching on either value.
    error: str = "invalid_request"
    description: str = "HTTPS is required"

OAuth 1.0 Exceptions

OAuth 1.0 specific error types.

class OAuth1Error(Exception):
    """Base OAuth 1.0 exception.

    Separate hierarchy from ``OAuth2Error``: it derives from ``Exception``
    directly, so ``except OAuth2Error`` does not catch OAuth 1.0 failures.
    """
    # Error code; subclasses pin it (InvalidSignatureMethodError on this page
    # uses "invalid_signature_method").
    error: str
    # Human-readable text; treat it as client-visible and keep internal
    # detail out of it.
    description: str
    # Optional URI for the error; presumably a page describing it -- confirm.
    uri: str | None
    # HTTP status for the error response; no default is shown on this page.
    status_code: int
    
    # Returns a string built from ``uri`` and this error. Same name and
    # signature as OAuth2Error.in_uri, which this page documents as
    # formatting the error for a URI fragment or query.
    def in_uri(self, uri: str) -> str: ...
    
    # The error as a list of (key, value) string pairs.
    @property
    def twotuples(self) -> list[tuple[str, str]]: ...
    
    # The error as a single string; by its name, URL-encoded -- confirm.
    @property
    def urlencoded(self) -> str: ...

class InvalidSignatureMethodError(OAuth1Error):
    """Invalid signature method.

    Serialised with the ``invalid_signature_method`` code. Presumably raised
    when a request names a signature method the endpoint does not accept --
    confirm against the caller.
    """
    error: str = "invalid_signature_method"

OpenID Connect Exceptions

OpenID Connect specific error types.

class InteractionRequired(OAuth2Error):
    """User interaction required.

    OpenID Connect ``interaction_required``: the request asked for no user
    interface (``prompt=none``) but the authorization server cannot complete
    it without interacting with the end-user.
    """
    error: str = "interaction_required"

class LoginRequired(OAuth2Error):
    """User login required.

    OpenID Connect ``login_required``: the request asked for no user
    interface (``prompt=none``) but the end-user has to authenticate first.
    """
    error: str = "login_required"

class ConsentRequired(OAuth2Error):
    """User consent required.

    OpenID Connect ``consent_required``: the request asked for no user
    interface (``prompt=none``) but the end-user has not yet consented.
    """
    error: str = "consent_required"

class InvalidRequestObject(OAuth2Error):
    """Invalid request object.

    OpenID Connect ``invalid_request_object``: the ``request`` parameter
    carries a Request Object that is not valid.
    """
    error: str = "invalid_request_object"

Usage Examples

from oauthlib.oauth2 import (
    AccessDeniedError,
    FatalClientError,
    InvalidClientError,
    OAuth2Error,
)

# Turn any OAuth 2.0 failure into the HTTP response the exception describes.
# Only OAuth2Error is caught here; other exceptions propagate to the caller.
try:
    # OAuth processing...
    pass
except OAuth2Error as oauth_exc:
    # Body, status and headers all come from the exception itself.
    return Response(oauth_exc.json, status=oauth_exc.status_code, headers=oauth_exc.headers)

# Custom error handling
def handle_oauth_error(error):
    if isinstance(error, InvalidClientError):
        log_security_event("Invalid client authentication", error)
    elif isinstance(error, AccessDeniedError):
        log_user_action("Authorization denied", error)
    
    return {
        'error': error.error,
        'error_description': error.description,
        'status_code': error.status_code
    }

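# Error in redirect URI
try:
    # Authorization processing...
    pass
except FatalClientError as e:
    # oauthlib raises FatalClientError subclasses when the client identifier
    # or the redirect URI itself was rejected. e.redirect_uri is then
    # unvalidated request input, and redirecting to it would turn this
    # endpoint into an open redirect (RFC 6749 section 4.1.2.1), so the
    # error is answered directly. This clause must stay ahead of the
    # OAuth2Error one because FatalClientError is a subclass of it.
    return Response(e.json, status=e.status_code)
except OAuth2Error as e:
    if e.redirect_uri:
        # Non-fatal error: deliver it to the client through its redirect URI.
        # Assumes the validator has already matched this URI against the
        # client's registration by the time such an error is raised --
        # confirm for your request validator.
        error_uri = e.in_uri(e.redirect_uri)
        return redirect(error_uri)
    else:
        # No redirect URI is known, so answer with the JSON error body.
        return Response(e.json, status=e.status_code)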

Install with Tessl CLI

npx tessl i tessl/pypi-oauthlib
