WWW-Authenticate Response Header Field
The resource server must include the HTTP "WWW-Authenticate" response header field if the protected resource request contains an access token that is invalid or malformed.
The "WWW-Authenticate" header field uses the following format −
    challenge       = "OAuth" RWS token-challenge
    token-challenge = realm
                      [CS error]
                      [CS error-uri]
                      [CS scope]
                      [CS 1#auth-param]
    error           = "error" "=" <"> token <">
    error-desc      = "error_description" "=" quoted-string
    error-uri       = "error_uri" "=" <"> URI-Reference <">
    scope           = quoted-value /
                      <"> quoted-value *(1*SP quoted-value) <">
    quoted-value    = 1*quoted-char
where,
realm − It is an attribute which specifies the scope of protection and is displayed to the users so that they know which username and password to use. This attribute must appear only once.
error − It is an attribute used to provide a client the specific reason why the access request was declined.
error_description − It is an attribute that provides human-readable text to help in understanding the error that occurred.
error_uri − It is an attribute that provides a URI identifying a human-readable web page with information about the error that occurred.
scope − It is an attribute which specifies the required scope of the access token in order to access the requested resource.
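A client-side parser for the challenge format described above, shown as an added example rather than code from the original tutorial. The function name and the sample header are constructed for illustration, and rejecting every repeated attribute (the text requires this only for realm) is this example's own choice.

```python
import re

# One attribute: name "=" (quoted-string | token), ended by a comma or end of input.
# Quoted strings may contain commas and backslash escapes, so a plain split(",") is wrong.
_PARAM = re.compile(
    r'\s*([A-Za-z0-9_-]+)\s*=\s*(?:"((?:[^"\\]|\\.)*)"|([^\s,"]+))\s*(?:,|$)')


def parse_oauth_challenge(header_value):
    """Parse an "OAuth" WWW-Authenticate challenge into a dict.

    Raises ValueError for a different scheme, a malformed attribute,
    a repeated attribute, or a missing realm.
    """
    scheme, _, rest = header_value.strip().partition(" ")
    rest = rest.strip()
    if scheme.lower() != "oauth" or not rest:
        raise ValueError("not an OAuth challenge")
    params, pos = {}, 0
    while pos < len(rest):
        m = _PARAM.match(rest, pos)
        if not m:
            raise ValueError(f"malformed attribute at offset {pos}")
        name, quoted, bare = m.group(1).lower(), m.group(2), m.group(3)
        if name in params:
            raise ValueError(f"attribute {name!r} appears more than once")
        # Undo backslash escapes inside a quoted-string.
        params[name] = re.sub(r"\\(.)", r"\1", quoted) if quoted is not None else bare
        pos = m.end()
    if "realm" not in params:
        raise ValueError("realm is required")
    # scope is a space-separated list of values; expose it as a list.
    params["scope"] = params.get("scope", "").split()
    # error_description and error_uri are server-supplied text: treat as untrusted.
    return params


if __name__ == "__main__":
    # Constructed sample header, not taken from a real server.
    sample = ('OAuth realm="example", error="invalid_token", '
              'error_description="The token expired, get a new one", '
              'scope="read write"')
    print(parse_oauth_challenge(sample))
```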