OAuth 2.0 - Error Response and Codes



If an error occurs during authorization, the authorization server responds with an HTTP 400 or 401 status code. Two cases arise. In the first case, the client is not identified or recognized. In the second case, the client is identified correctly but something else fails. In such a case, an error response with the following parameters is sent back to the client −

  • error_description − It is an optional human-readable error description in the language specified by the Content-Language header, which is meant for the developer and not the end user.

  • error_uri − It is an optional link to a human-readable web page with information about the error that can be helpful for problem solving.

  • error − It is a set of predefined error codes.

Following is the description of error codes and equivalent HTTP status codes.

400 Errors

The following table shows 400 errors with description.

| Sr.No. | Error | Description |
|---|---|---|
| 1 | unsupported_over_http | OAuth 2.0 only supports the calls over https. |
| 2 | version_rejected | If an unsupported version of OAuth is supplied. |
| 3 | parameter_absent | If a required parameter is missing from the request. |
| 4 | parameter_rejected | When a given parameter is too long. |
| 5 | invalid_client | When an invalid client ID is given. |
| 6 | invalid_request | When an invalid request parameter is given. |
| 7 | unsupported_response_type | When a response type provided does not match that particular request. |
| 8 | unsupported_grant_type | When a grant type is provided that does not match a particular request. |
| 9 | invalid_param | When an invalid request parameter is provided. |
| 10 | unauthorized_client | When the client is not given the permission to perform some action. |
| 11 | access_denied | When the resource owner refuses the request for authorization. |
| 12 | server_error | This error displays an unexpected error. |

401 Errors

The following table shows 401 errors with description.

| Sr.No. | Error | Description |
|---|---|---|
| 1 | token_expired | When the provided token expires. |
| 2 | invalid_token | When the provided token is invalid. |
| 3 | invalid_callback | When the provided URI with the request does not match the consumer key. |
| 4 | invalid_client_secret | When the provided client secret is invalid. |
| 5 | invalid_grant | When the provided token has either expired or is invalid. |
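
One way for a client to handle the error response described above, as an added example that is not part of the original tutorial. It assumes the response body is a JSON object (the page does not state the encoding); it checks the error code against the two tables for the returned status, sanitizes error_description before logging, and keeps error_uri only when it is an https URL. The names parse_oauth_error, OAuthError, CODES and the user-facing strings are hypothetical.

```python
import json
from dataclasses import dataclass
from typing import Optional
from urllib.parse import urlsplit

# Error codes copied from the two tables on this page, keyed by HTTP status.
CODES = {
    400: {"unsupported_over_http", "version_rejected", "parameter_absent",
          "parameter_rejected", "invalid_client", "invalid_request",
          "unsupported_response_type", "unsupported_grant_type", "invalid_param",
          "unauthorized_client", "access_denied", "server_error"},
    401: {"token_expired", "invalid_token", "invalid_callback",
          "invalid_client_secret", "invalid_grant"},
}
GENERIC = "Sign-in failed. Please try again."   # constructed wording
USER_TEXT = {"access_denied": "Authorization was declined.",
             "token_expired": "Your session expired. Please sign in again."}

@dataclass
class OAuthError:
    status: int
    error: str                 # sanitized code as sent by the server
    known: bool                # True if the code is listed for this status
    log_description: str       # developer-facing; sanitized for log output
    error_uri: Optional[str]   # kept only when it is an https URL
    user_message: str          # fixed text; never echoes server strings

def _clean(value, limit=200):
    # Replace control characters (CR/LF included) so values cannot forge log lines.
    return "".join(c if c.isprintable() else " " for c in str(value))[:limit]

def _https_only(uri):
    try:
        parts = urlsplit(uri) if isinstance(uri, str) else None
    except ValueError:
        return None
    return uri if parts and parts.scheme == "https" and parts.netloc else None

def parse_oauth_error(status, body):
    try:
        data = json.loads(body)
    except ValueError:
        data = {}
    data = data if isinstance(data, dict) else {}   # assumption: JSON object body
    error = _clean(data.get("error", ""), 64)
    known = error in CODES.get(status, set())
    return OAuthError(status, error, known,
                      _clean(data.get("error_description", "")),
                      _https_only(data.get("error_uri")),
                      USER_TEXT.get(error, GENERIC) if known else GENERIC)
```

Only user_message is meant for display; error_description goes to developer logs, which matches the page's note that it is written for the developer and not the end user.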
