oauth tutorial - OAuth Error Response and Codes - oauth2 tutorial - oauth authentication



What is Error Response and Codes in OAuth 2.0?

  • The authorization server has error response which responds with HTTP 400 or 401 status codes.
  • If an error occurs during the authorization, two cases are given.

Case 1:

  • The client is not identified or recognized by the authorization server.

Case 2:

  • Despite the client being identified, some other error message is shown.
  • If that is the case, an error response is sent back to the client which is given as follows:

Error

  • Hence it is required and is given as a set of predefined error codes.

Error description

  • Error description is human readable error description given in the language specified by the Content-Language header
  • The error description parameter is used only to include ASCII characters, and it should be given as a sentence or two when describing the circumstance of the error.

Error Uri

  • This is given as a link to the human-readable web page which is given along with information about an error which can be helpful for problem solving.
  • The error uri is a link to the API documentation for information as per how to correct the specfic error which was encountered.
  • Error responses are returned with an HTTP 400 status code with error and error description parameters. The error parameters are given below as follows:
  • invalid_request is the request which is missing a parameter so the server can’t proceed with the request.
  • invalid_client is known for client authentication failed, such as the request contains an invalid client ID or secret.
  • invalid_grant is given the authorization code which is said to be invalid or expired. This is also can be given as the error we would return if the redirect URL given in the authorization grant does not match the URL which is provided in the access token request.
  • invalid_scope is done for access token requests that include a scope in which the error indicates an invalid scope value given in the request.
  • unauthorized_client is the client who is not authorized to use the requested grant type.
  • unsupported_grant_type is shown if a grant type is requested such that the authorization server does not recognize.
  • The entire error response is returned as a JSON string, which is given similar to the successful response.
  • Given below is an example of an error response.

Example:

HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
 
{
  "error": "invalid_request",
  "error_description": "Request was missing the 'redirect_uri' parameter.",
  "error_uri": "See the full API docs at
     <https://authorization-server.com/docs/access_token>"
}
click below button to copy the code. By - oauth tutorial - oauth2 tutorial - team
  • Description of error codes and equivalent HTTP status codes are given below in form of tables:

400 Errors

  • The table which is given below shows us the description of 400 errors.
Sr.No. Error & Description
1 unsupported_over_http

OAuth 2.0 only supports the calls over https.

2 version_rejected

If an unsupported version of OAuth is supplied.

3 parameter_absent

If a required parameter is missing from the request.

4 parameter_rejected

When a given parameter is too long.

5 invalid_client

When an invalid client ID is given.

6 invalid_request

When an invalid request parameter is given.

7 unsupported_response_type

When a response type provided does not match that particular request.

8 unsupported_grant_type

When a grant type is provided that does not match a particular request.

9 invalid_param

When an invalid request parameter is provided.

10 unauthorized_client

When the client is not given the permission to perform some action.

11 access_denied

When the resource owner refuses the request for authorization.

12 server_error

This error displays an unexpected error.

401 Errors

  • The table which is given below shows us the description of 401 errors.
Sr.No. Error & Description
1 token_expired

When the provided token expires.

2 invalid_token

When the provided token is invalid.

3 invalid_callback

When the provided URI with the request does not match the consumer key.

4 invalid_client_secret

When the provided client server is invalid.

5 invalid_grant

When the provided token has either expired or is invalid.


Related Searches to OAuth Error Response and Codes