1 files changed, 30 insertions, 4 deletions

diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index 879b23c..e8ab5af 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
@@ -687,6 +687,26 @@
   (raise-exception
    ((record-constructor &cannot-encode-authorization-code) authorization-code key cause)))
 
+(define-public &invalid-refresh-token
+  (make-exception-type
+   '&invalid-refresh-token
+   &external-error
+   '(refresh-token)))
+
+(define-public (raise-invalid-refresh-token refresh-token)
+  (raise-exception
+   ((record-constructor &invalid-refresh-token) refresh-token)))
+
+(define-public &invalid-key-for-refresh-token
+  (make-exception-type
+   '&invalid-key-for-refresh-token
+   &external-error
+   '(key jkt)))
+
+(define-public (raise-invalid-key-for-refresh-token key jkt)
+  (raise-exception
+   ((record-constructor &invalid-key-for-refresh-token) key jkt)))
+
 (define*-public (error->str err #:key (max-depth #f))
   (if (record? err)
       (let* ((type (record-type-descriptor err))
@@ -956,16 +976,22 @@
           ((&not-an-authorization-code-payload)
            (format #f (G_ "~s is not an authorization code payload (because ~a)")
                    (get 'value) (recurse (get 'cause))))
-	  ((&authorization-code-expired)
-	   (format #f (G_ "the current time is ~a, and the authorization code expired at ~a")
-		   (time-second (date->time-utc (get 'current-time)))
-		   (time-second (date->time-utc (get 'exp)))))
+          ((&authorization-code-expired)
+           (format #f (G_ "the current time is ~a, and the authorization code expired at ~a")
+                   (time-second (date->time-utc (get 'current-time)))
+                   (time-second (date->time-utc (get 'exp)))))
           ((&cannot-decode-authorization-code)
            (format #f (G_ "I cannot decode ~s as an authorization code (because ~a)")
                    (get 'value) (recurse (get 'cause))))
           ((&cannot-encode-authorization-code)
            (format #f (G_ "I cannot encode ~s as an authorization code (because ~a)")
                    (get 'value) (recurse (get 'cause))))
+          ((&invalid-refresh-token)
+           (format #f (G_ "there is no such refresh token as ~s")
+                   (get 'refresh-token)))
+          ((&invalid-key-for-refresh-token)
+           (format #f (G_ "the refresh token is bound to a key confirmed as ~s, but it is used with key ~s")
+                   (get 'jkt) (get 'key)))
           ((&compound-exception)
            (let ((components (get 'components)))
              (if (null? components)