$errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_scope', 'invalid scope: ' . $firstOffendingScope, 'INVALID_SCOPE', array('SCOPE' => $firstOffendingScope));
            }
            //something went wrong, but we do have a valid uri to redirect to.
            $errorParameters['error_uri'] = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/error.php'), $errorParameters);
            if (isset($_REQUEST['state'])) {
                $errorParameters['state'] = $_REQUEST['state'];
            }
            unset($errorParameters['error_code_internal']);
            unset($errorParameters['error_parameters_internal']);
            sspmod_oauth2server_Utility_Uri::redirectUri(sspmod_oauth2server_Utility_Uri::addQueryParametersToUrl($returnUri, $errorParameters));
        } else {
            if (is_string(parse_url($returnUri, PHP_URL_FRAGMENT))) {
                $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_redirect_uri', 'fragments are not allowed in redirect_uri: ' . $returnUri, 'FRAGMENT_REDIRECT_URI', array('REDIRECT_URI' => $returnUri, 'FRAGMENT' => parse_url($returnUri, PHP_URL_FRAGMENT)));
            } else {
                // this is not a proper error code used only internally
                $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_redirect_uri', 'illegal redirect_uri: ' . $returnUri, 'INVALID_REDIRECT_URI', array('REDIRECT_URI' => $returnUri));
            }
        }
    } else {
        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('server_error', 'no redirection uri associated with client id', 'NO_REDIRECT_URI', array());
    }
} else {
    if (isset($_REQUEST['client_id'])) {
        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unauthorized_client', 'unauthorized_client: ' . $_REQUEST['client_id'], 'UNAUTHORIZED_CLIENT', array('CLIENT_ID' => $_REQUEST['client_id']));
    } else {
        $errorParameters = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('missing_client', 'missing client id', 'MISSING_CLIENT_ID', array());
    }
}
//something went wrong, and we do not have a valid uri to redirect to.
$error_uri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/error.php'), $errorParameters);
SimpleSAML\Utils\HTTP::redirectTrustedURL($error_uri);
                }
            } else {
                $response = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing client id', 'MISSING_CLIENT_ID', array());
                $errorCode = 400;
            }
        } else {
            $response = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('unsupported_grant_type', 'unsupported grant type: ' . $_POST['grant_type'], 'UNSUPPORTED_GRANT_TYPE', array('GRANT_TYPE' => $_POST['grant_type']));
            $errorCode = 400;
        }
    } else {
        $response = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'missing grant type', 'MISSING_GRANT_TYPE', array());
        $errorCode = 400;
    }
} elseif ($_SERVER['REQUEST_METHOD'] != 'OPTIONS') {
    //dont freak over the damn ajax options pre-flight requests
    $response = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('invalid_request', 'http(s) POST required', 'MUST_POST', array());
    $errorCode = 400;
}
header('X-PHP-Response-Code: ' . $errorCode, true, $errorCode);
if ($errorCode === 401) {
    header("WWW-Authenticate: Basic realm=\"OAuth 2.0\"", true, $errorCode);
}
if (!is_null($response)) {
    if (array_key_exists('error', $response)) {
        $error_uri = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/error.php'), $response);
        $response['error_uri'] = $error_uri;
        unset($response['error_code_internal']);
        unset($response['error_parameters_internal']);
    }
    echo json_encode($response);
}
 /**
  * @group unit
  * @group utility
  */
 public function testBuildErrorResponse()
 {
     $this->assertEquals(array('error' => 'ERROR', 'error_description' => 'ERROR_DESCRIPTION', 'error_code_internal' => 'ERROR_CODE_INTERNAL', 'error_parameters_internal' => array('A' => '1', 'B' => '2')), \sspmod_oauth2server_Utility_Uri::buildErrorResponse('ERROR', 'ERROR_DESCRIPTION', 'ERROR_CODE_INTERNAL', array('A' => '1', 'B' => '2')));
 }
        }
        if (array_key_exists('state', $state)) {
            $fragment .= '&state=' . $state['state'];
        }
        sspmod_oauth2server_Utility_Uri::redirectUri($state['returnUri'] . $fragment);
    }
} else {
    if (array_key_exists('deny', $_REQUEST)) {
        $response = \sspmod_oauth2server_Utility_Uri::buildErrorResponse('access_denied', 'request denied by resource owner', 'CONSENT_NOT_GRANTED', array());
        $response['error_uri'] = SimpleSAML\Utils\HTTP::addURLParameters(SimpleSAML_Module::getModuleURL('oauth2server/authorization/error.php'), $response);
        if (array_key_exists('state', $state)) {
            $response['state'] = $state['state'];
        }
        unset($response['error_code_internal']);
        unset($response['error_parameters_internal']);
        sspmod_oauth2server_Utility_Uri::redirectUri(sspmod_oauth2server_Utility_Uri::addQueryParametersToUrl($state['returnUri'], $response));
    }
}
$t = new SimpleSAML_XHTML_Template($globalConfig, 'oauth2server:authorization/consent.php');
foreach ($config->getValue('scopes', array()) as $scope => $translations) {
    $t->includeInlineTranslation('{oauth2server:oauth2server:' . $scope . '}', $translations);
}
$t->includeInlineTranslation('{oauth2server:oauth2server:client_description}', array_key_exists('description', $client) ? $client['description'] : array('' => ''));
$t->data['clientId'] = $state['clientId'];
$t->data['stateId'] = $_REQUEST['stateId'];
$t->data['scopes'] = array();
$scopes = isset($client['scope']) ? $client['scope'] : array();
foreach ($state['requestedScopes'] as $scope) {
    $t->data['scopes'][$scope] = isset($scopes[$scope]) && $scopes[$scope];
}
$t->data['form'] = SimpleSAML_Module::getModuleURL('oauth2server/authorization/consent.php');