oauth tutorial - OAuth Error Response and Codes - oauth2 tutorial - oauth authentication
What is Error Response and Codes in OAuth 2.0?
- The authorization server has error response which responds with HTTP 400 or 401 status codes.
- If an error occurs during the authorization, two cases are given.
Case 1:
- The client is not identified or recognized by the authorization server.
Case 2:
- Despite the client being identified, some other error message is shown.
- If that is the case, an error response is sent back to the client which is given as follows:
Error
- Hence it is required and is given as a set of predefined error codes.
Error description
- Error description is human readable error description given in the language specified by the Content-Language header
- The error description parameter is used only to include ASCII characters, and it should be given as a sentence or two when describing the circumstance of the error.
Error Uri
- This is given as a link to the human-readable web page which is given along with information about an error which can be helpful for problem solving.
- The error uri is a link to the API documentation for information as per how to correct the specfic error which was encountered.
- Error responses are returned with an HTTP 400 status code with error and error description parameters. The error parameters are given below as follows:
- invalid_request is the request which is missing a parameter so the server can’t proceed with the request.
- invalid_client is known for client authentication failed, such as the request contains an invalid client ID or secret.
- invalid_grant is given the authorization code which is said to be invalid or expired. This is also can be given as the error we would return if the redirect URL given in the authorization grant does not match the URL which is provided in the access token request.
- invalid_scope is done for access token requests that include a scope in which the error indicates an invalid scope value given in the request.
- unauthorized_client is the client who is not authorized to use the requested grant type.
- unsupported_grant_type is shown if a grant type is requested such that the authorization server does not recognize.
- The entire error response is returned as a JSON string, which is given similar to the successful response.
- Given below is an example of an error response.
Example:
- Description of error codes and equivalent HTTP status codes are given below in form of tables:
400 Errors
- The table which is given below shows us the description of 400 errors.
Sr.No. | Error & Description |
---|---|
1 | unsupported_over_http
OAuth 2.0 only supports the calls over https. |
2 | version_rejected
If an unsupported version of OAuth is supplied. |
3 | parameter_absent
If a required parameter is missing from the request. |
4 | parameter_rejected
When a given parameter is too long. |
5 | invalid_client
When an invalid client ID is given. |
6 | invalid_request
When an invalid request parameter is given. |
7 | unsupported_response_type
When a response type provided does not match that particular request. |
8 | unsupported_grant_type
When a grant type is provided that does not match a particular request. |
9 | invalid_param
When an invalid request parameter is provided. |
10 | unauthorized_client
When the client is not given the permission to perform some action. |
11 | access_denied
When the resource owner refuses the request for authorization. |
12 | server_error
This error displays an unexpected error. |
401 Errors
- The table which is given below shows us the description of 401 errors.
Sr.No. | Error & Description |
---|---|
1 | token_expired
When the provided token expires. |
2 | invalid_token
When the provided token is invalid. |
3 | invalid_callback
When the provided URI with the request does not match the consumer key. |
4 | invalid_client_secret
When the provided client server is invalid. |
5 | invalid_grant
When the provided token has either expired or is invalid. |