This article details the error codes that can be returned from various OAuth 2.0 requests.
Authorization Request Errors
Authorization error codes are defined in Section 4.1.2.1 of the OAuth 2.0 specification and Section 3.1.2.6 of the OpenID Connect specification.
The following error codes can be returned in the error parameter for Authorization requests:
Error code
|
Meaning
|
---|---|
invalid_request |
The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. |
unauthorized_client | The client is not authorized to request an authorization code using this method. |
access_denied | The resource owner or authorization server denied the request. |
unsupported_response_type | The authorization server does not support obtaining an authorization code using this method. |
invalid_scope | The requested scope is invalid, unknown, or malformed. |
server_error |
The authorization server encountered an unexpected condition that prevented it from fulfilling the request. This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect. |
temporarily_unavailable |
The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. This error code is needed because a 503 Service Unavailable HTTP status code cannot be returned to the client via an HTTP redirect. |
login_required | The prompt parameter value is none but the user is not logged in to Class. |
consent_required | The prompt parameter value is none but there is no previous consent for one or more of the requested scope values. |
registration_not_supported | The request specified the registration OpenID Connect parameter. This parameter is not supported by the Class Authorization server |
request_not_supported | The request specified the request OpenID Connect parameter. This parameter is not supported by the Class Authorization server |
request_uri_not_supported | The request specified the request uri OpenID Connect parameter. This parameter is not supported by the Class Authorization server |
Token request errors
Token and refresh error codes are defined in Section 5.2 of the OAuth 2.0 specification.
The following error codes can be returned in the error property for Token requests and Refresh requests:
Error code
|
Meaning
|
---|---|
invalid_request |
The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed. |
invalid_client |
Client authentication failed. |
invalid_grant |
The provided authorization grant or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client. |
unauthorized_client |
The client is not authorized to request an access token using the specified grant type. |
unsupported_grant_type | The specified grant type is not supported by the authorization server. The Class API currently only supports the authorization code and refresh token grant types. |
invalid_scope | The requested scope is invalid, unknown, or malformed, or exceeds the scope granted by the resource owner. |