Overview#

OAuth Error is an Result Code indicating something went wrong. (i.e. Error)

If an OAuth 2.0 request fails due to a missing, invalid, or mismatching redirect_uri, or if the OAuth Client identifier is missing or invalid, the Authorization Server SHOULD inform the Resource Owner of the error and MUST NOT automatically redirect the user-agent to the invalid Redirect URI.

If the Resource Owner denies the access Authorization Request or if the request fails for reasons other than a missing or invalid redirect_uri, the Authorization Server informs the client by adding the following parameters to the query component of the Redirect URI using the "application/x-www-form-urlencoded" format, per Appendix B

OAuth Extensions Error Registration#

OAuth Error should be registered in the OAuth Parameters Registry

error REQUIRED#

A single ASCII error code from the following:

• unauthorized_client
• access_denied
• unsupported_response_type
• invalid_scope
• server_error
• temporarily_unavailable
• invalid_request
• invalid_token
• invalid_grant
• invalid_scope
• insufficient_scope
• unsupported_token_type
• interaction_required
• login_required
• session_selection_required
• consent_required
• invalid_request_uri
• invalid_request_object
• request_not_supported
• request_uri_not_supported
• registration_not_supported

error_description OPTIONAL #

Human-readable ASCII (US-ASCII) text providing additional information, used to assist the OAuth Client developer in understanding the error that occurred.

Values MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.

error_uri OPTIONAL#

A URI identifying a human-readable web page with information about the error, used to provide the client developer with additional information about the error.

state REQUIRED#

if a "state" parameter was present in the client Authorization Request. The exact value received from the client.

More Information#

There might be more information for this subject on one of the following:

• Account_selection_required
• Authorization API
• Authorization Response
• Authorization Server Authentication of the End-User
• Code_challenge_method
• Consent_required
• Forbidden
• Interaction_required
• Invalid_request_object
• Invalid_request_uri
• Login_required
• Mutual TLS Sender Constrained Resources Access
• OAuth 2.0 Token Revocation
• OAuth Parameters Registry
• OpenID Connect Authentication Response
• Prompt Parameter
• Proof Key for Code Exchange by OAuth Public Clients
• Protection API
• Registration_not_supported
• Request_not_supported
• Request_uri_not_supported
• Resource Parameter
• Response_type
• Select_account
• Server_error
• Temporarily_unavailable