Overview#
OAuth Error is a Result Code indicating something went wrong (i.e. Error).
If an OAuth 2.0 request fails due to a missing, invalid, or mismatching redirect_uri, or if the OAuth Client identifier is missing or invalid, the Authorization Server SHOULD inform the Resource Owner of the error and MUST NOT automatically redirect the user-agent to the invalid Redirect URI.
If the Resource Owner denies the access Authorization Request or if the request fails for reasons other than a missing or invalid redirect_uri, the Authorization Server informs the client by adding the following parameters to the query component of the Redirect URI using the "application/x-www-form-urlencoded" format, per Appendix B:
OAuth Extensions Error Registration#
OAuth Error should be registered in the OAuth Parameters Registry
error REQUIRED#
A single ASCII error code from the following:
- unauthorized_client
- access_denied
- unsupported_response_type
- invalid_scope
- server_error
- temporarily_unavailable
- invalid_request
- invalid_token
- invalid_grant
- invalid_scope
- insufficient_scope
- unsupported_token_type
- interaction_required
- login_required
- session_selection_required
- consent_required
- invalid_request_uri
- invalid_request_object
- request_not_supported
- request_uri_not_supported
- registration_not_supported
error_description OPTIONAL#
Human-readable ASCII (US-ASCII) text providing additional information, used to assist the OAuth Client developer in understanding the error that occurred. Values MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.
error_uri OPTIONAL#
A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.
state REQUIRED#
Required if a "state" parameter was present in the client Authorization Request. The exact value received from the client.
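The rules above, combined into one server-side decision, as an added example that is not part of the original page: it chooses between showing the error to the Resource Owner and redirecting with `error`, `error_description` and `state`. The client registry, the client ID, the URIs and the function name `error_response` are assumptions made for illustration, as is exact-string comparison of the redirect_uri.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed client registry (hypothetical client ID and redirect URI).
REGISTERED = {"client-123": {"https://client.example/cb"}}

# error_description character set from the page: %x20-21 / %x23-5B / %x5D-7E
# (printable US-ASCII without the double quote and the backslash).
_DESC_OK = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]*")


def error_response(client_id, redirect_uri, error, description=None, state=None):
    """Return ("display", message) or ("redirect", url) for a failed request."""
    allowed = REGISTERED.get(client_id)
    # Missing/invalid client identifier, or missing/invalid/mismatching
    # redirect_uri: inform the Resource Owner and do NOT redirect the
    # user-agent to the unverified URI.
    if allowed is None or redirect_uri not in allowed:
        return ("display", "Invalid client or redirect URI")

    if description is not None and not _DESC_OK.fullmatch(description):
        raise ValueError("error_description contains disallowed characters")

    params = [("error", error)]
    if description is not None:
        params.append(("error_description", description))
    if state is not None:
        # Echo the exact value received from the client.
        params.append(("state", state))

    parts = urlsplit(redirect_uri)
    # Keep any query already on the registered URI, then append the error
    # parameters in application/x-www-form-urlencoded form.
    query = parse_qsl(parts.query, keep_blank_values=True) + params
    return ("redirect", urlunsplit(parts._replace(query=urlencode(query))))


if __name__ == "__main__":
    print(error_response("client-123", "https://client.example/cb",
                         "access_denied", "User denied access", "a b&c"))
    print(error_response("client-123", "https://other.example/cb",
                         "invalid_request"))
```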
More Information#
There might be more information for this subject on one of the following:
- Account_selection_required
- Authorization API
- Authorization Response
- Authorization Server Authentication of the End-User
- Code_challenge_method
- Consent_required
- Forbidden
- Id_token_hint
- Identity Token
- Interaction_required
- Invalid_request_object
- Invalid_request_uri
- Login_required
- Mutual TLS Sender Constrained Resources Access
- OAuth 2.0 Token Revocation
- OAuth Parameters Registry
- OpenID Connect Authentication Response
- Prompt Parameter
- Proof Key for Code Exchange by OAuth Public Clients
- Protection API
- Registration_not_supported
- Request_not_supported
- Request_uri_not_supported
- Resource Parameter
- Response_type
- Select_account
- Server_error
- Temporarily_unavailable