1 files changed, 39 insertions, 0 deletions

diff --git a/src/scm/webid-oidc/errors.scm b/src/scm/webid-oidc/errors.scm
index d494c7d..beccc35 100644
--- a/src/scm/webid-oidc/errors.scm
+++ b/src/scm/webid-oidc/errors.scm
@@ -401,6 +401,18 @@
    &external-error
    '(value)))
 
+(define-exception-type
+  &incorrect-ath-field
+  &external-error
+  make-incorrect-ath-field
+  incorrect-ath-field?
+  (value incorrect-ath-field-value))
+
+(export &incorrect-ath-field
+        make-incorrect-ath-field
+        incorrect-ath-field?
+        incorrect-ath-field-value)
+
 (define-public (raise-incorrect-htu-field value)
   (raise-exception
    ((record-constructor &incorrect-htu-field) value)))
@@ -543,6 +555,20 @@
   (raise-exception
    ((record-constructor &dpop-unconfirmed-key) key expected cause)))
 
+(define-exception-type
+  &dpop-invalid-access-token-hash
+  &external-error
+  make-dpop-invalid-access-token-hash
+  dpop-invalid-access-token-hash?
+  (hash dpop-invalid-access-token-hash-hash)
+  (access-token dpop-invalid-access-token-hash-access-token))
+
+(export &dpop-invalid-access-token-hash
+        make-dpop-invalid-access-token-hash
+        dpop-invalid-access-token-hash?
+        dpop-invalid-access-token-hash-hash
+        dpop-invalid-access-token-hash-access-token)
+
 (define-public &jti-found
   (make-exception-type
    '&jti-found
@@ -1227,6 +1253,11 @@
              (if value
                  (format #f (G_ "the htu field is incorrect: ~s") value)
                  (format #f (G_ "the htu field is missing")))))
+          ((&incorrect-ath-field)
+           (let ((value (get 'value)))
+             (if value
+                 (format #f (G_ "the ath field is incorrect: ~s") value)
+                 (format #f (G_ "the ath field is missing")))))
           ((&not-an-access-token)
            (format #f (G_ "~s is not an access token (because ~a)")
                    (get 'value) (recurse (get 'cause))))
@@ -1288,6 +1319,14 @@
                (format #f (G_ "the key confirmation of ~s failed (because ~a)") key (recurse cause)))
               (else
                (format #f (G_ "the key confirmation of ~s failed") key)))))
+          ((&dpop-invalid-access-token-hash)
+           (let ((h (get 'hash))
+                 (at (get 'access-token)))
+             (if h
+                 (format #f (G_ "the DPoP proof is bound to an access token with hash ~s, not ~s")
+                         h at)
+                 (format #f (G_ "the DPoP proof should be bound to the access token ~s")
+                         at))))
           ((&jti-found)
            (format #f (G_ "the jti ~s has already been found (because ~a)")
                    (get 'jti) (recurse (get 'cause))))