Errors may happen in different layers. You may get notified in different ways
dependent on where the error happens.
Missing Required OAuth Parameters
If you forget to set the required OAuth parameters, such as the client_id or
scope, you’ll see an error message like below in your browser’s JavaScript
Console.
Fix OAuth Configuration Errors
Changes in the Google APIs console
may be required to resolve some errors.
- Creates a client ID
if not yet. - For popup UX, add all domains that may trigger the current flow to
Authorized JavaScript origins. - For redirect UX, add all URLs that may receive authorization responses to
Authorized redirect URIs. - Properly configure your OAuth Consent screen.
- Submit your app for verification
if needed. - You might need to take additional steps to comply with Google’s OAuth 2.0 Policies.
Invalid OAuth Parameter Values
If you set the invalid values to OAuth parameters, such as the invalid client id
, scope identifiers, or response type values, you’ll see the OAuth error page.
OAuth Error Responses
OAuth may return an error response, in which case your
callback
function will be triggered with the error response as the parameter.
The following is an example OAuth error response.
{
"error":"access_denied"
}
Some examples are listed as below.
- The user denies the OAuth request.
- For an OAuth request with
prompt=none
parameter, the user is not already authenticated and has not pre-configured
consent for the requested scopes.
The example below shows how to handle the success and error OAuth responses.
function myCallback(response) {
if (response.error) {
// Handle error response
... ...
} else if (response.code) {
// Handle success code response
... ...
}
}
Non-OAuth Errors
OAuth doesn’t define the behaviors when:
- the popup window fails to open.
- the popup window is closed before an OAuth response is returned.
This library captures these errors, and triggers the
error_callback
if set. Be sure to check the error type like below. Otherwise, your code logic
may be affected when this library support new error types later.
function myErrorCallback(err) {
if (err.type == 'popup_failed_to_open') {
// The popup window is failed to open
... ...
} else if (err.type == 'popup_closed') {
// The popup window is closed before an OAuth response is returned
... ...
}
}
const client = google.accounts.oauth2.initCodeClient({
client_id: 'YOUR_GOOGLE_CLIENT_ID',
scope: 'https://www.googleapis.com/auth/calendar.readonly',
ux_mode: 'popup',
callback: myCallback,
error_callback: myErrorCallback
});
What is Error Response and Codes in OAuth 2.0?
- The authorization server has error response which responds with HTTP 400 or 401 status codes.
- If an error occurs during the authorization, two cases are given.
Case 1:
- The client is not identified or recognized by the authorization server.
Case 2:
- Despite the client being identified, some other error message is shown.
- If that is the case, an error response is sent back to the client which is given as follows:
Error
- Hence it is required and is given as a set of predefined error codes.
Error description
- Error description is human readable error description given in the language specified by the Content-Language header
- The error description parameter is used only to include ASCII characters, and it should be given as a sentence or two when describing the circumstance of the error.
Error Uri
- This is given as a link to the human-readable web page which is given along with information about an error which can be helpful for problem solving.
- The error uri is a link to the API documentation for information as per how to correct the specfic error which was encountered.
- Error responses are returned with an HTTP 400 status code with error and error description parameters. The error parameters are given below as follows:
- invalid_request is the request which is missing a parameter so the server can’t proceed with the request.
- invalid_client is known for client authentication failed, such as the request contains an invalid client ID or secret.
- invalid_grant is given the authorization code which is said to be invalid or expired. This is also can be given as the error we would return if the redirect URL given in the authorization grant does not match the URL which is provided in the access token request.
- invalid_scope is done for access token requests that include a scope in which the error indicates an invalid scope value given in the request.
- unauthorized_client is the client who is not authorized to use the requested grant type.
- unsupported_grant_type is shown if a grant type is requested such that the authorization server does not recognize.
- The entire error response is returned as a JSON string, which is given similar to the successful response.
- Given below is an example of an error response.
Example:
HTTP/1.1 400 Bad Request
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache
{
"error": "invalid_request",
"error_description": "Request was missing the 'redirect_uri' parameter.",
"error_uri": "See the full API docs at
<https://authorization-server.com/docs/access_token>"
}
click below button to copy the code. By — oauth tutorial — oauth2 tutorial — team
- Description of error codes and equivalent HTTP status codes are given below in form of tables:
400 Errors
- The table which is given below shows us the description of 400 errors.
| Sr.No. | Error & Description |
|---|---|
| 1 | unsupported_over_http
OAuth 2.0 only supports the calls over https. |
| 2 | version_rejected
If an unsupported version of OAuth is supplied. |
| 3 | parameter_absent
If a required parameter is missing from the request. |
| 4 | parameter_rejected
When a given parameter is too long. |
| 5 | invalid_client
When an invalid client ID is given. |
| 6 | invalid_request
When an invalid request parameter is given. |
| 7 | unsupported_response_type
When a response type provided does not match that particular request. |
| 8 | unsupported_grant_type
When a grant type is provided that does not match a particular request. |
| 9 | invalid_param
When an invalid request parameter is provided. |
| 10 | unauthorized_client
When the client is not given the permission to perform some action. |
| 11 | access_denied
When the resource owner refuses the request for authorization. |
| 12 | server_error
This error displays an unexpected error. |
401 Errors
- The table which is given below shows us the description of 401 errors.
| Sr.No. | Error & Description |
|---|---|
| 1 | token_expired
When the provided token expires. |
| 2 | invalid_token
When the provided token is invalid. |
| 3 | invalid_callback
When the provided URI with the request does not match the consumer key. |
| 4 | invalid_client_secret
When the provided client server is invalid. |
| 5 | invalid_grant
When the provided token has either expired or is invalid. |
The authorization server responds with HTTP 400 or 401 status codes. Here, two cases take place, if an error occurs during the authorization. In the first case, the client is not identified or recognized. In the second case, something else fails in spite of the client being identified exactly. In such a case, an error response is sent back to the client as follows −
-
error_description − It is an optional human readable error description in a language specified by Content-Language header, which is meant for the developer and not the end user.
-
error_uri − It is an optional link to a human-readable web page along with information about an error that can be helpful for problem solving.
-
error − It is a set of predefined error codes.
Following is the description of error codes and equivalent HTTP status codes.
400 Errors
The following table shows 400 errors with description.
| Sr.No. | Error & Description |
|---|---|
| 1 |
unsupported_over_http OAuth 2.0 only supports the calls over https. |
| 2 |
version_rejected If an unsupported version of OAuth is supplied. |
| 3 |
parameter_absent If a required parameter is missing from the request. |
| 4 |
parameter_rejected When a given parameter is too long. |
| 5 |
invalid_client When an invalid client ID is given. |
| 6 |
invalid_request When an invalid request parameter is given. |
| 7 |
unsupported_response_type When a response type provided does not match that particular request. |
| 8 |
unsupported_grant_type When a grant type is provided that does not match a particular request. |
| 9 |
invalid_param When an invalid request parameter is provided. |
| 10 |
unauthorized_client When the client is not given the permission to perform some action. |
| 11 |
access_denied When the resource owner refuses the request for authorization. |
| 12 |
server_error This error displays an unexpected error. |
401 Errors
The following table shows 401 errors with description.
| Sr.No. | Error & Description |
|---|---|
| 1 |
token_expired When the provided token expires. |
| 2 |
invalid_token When the provided token is invalid. |
| 3 |
invalid_callback When the provided URI with the request does not match the consumer key. |
| 4 |
invalid_client_secret When the provided client server is invalid. |
| 5 |
invalid_grant When the provided token has either expired or is invalid. |
oauth2.0_client_credentials.htm
При обмене кода на маркер доступа может возникнуть ряд дополнительных ошибок. Формат этих ответов зависит от передаваемого заголовка Accept.
Примечание. В этих примерах показаны только ответы JSON.
Неверные учетные данные клиента
Если передан неверный _идентификатор или секрет клиента_, вы получите этот ответ об ошибке.
{
"error": "incorrect_client_credentials",
"error_description": "The client_id and/or client_secret passed are incorrect.",
"error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#incorrect-client-credentials"
}
Чтобы устранить ошибку, убедитесь в наличии правильных учетных данных для OAuth app. Тщательно проверьте правильность значений client_id и client_secret и их передачи в GitHub.
Несоответствие URI перенаправления
Если вы указали redirect_uri, который не совпадает с зарегистрированным в OAuth app, вы получите следующее сообщение об ошибке:
{
"error": "redirect_uri_mismatch",
"error_description": "The redirect_uri MUST match the registered callback URL for this application.",
"error_uri": "/apps/managing-oauth-apps/troubleshooting-authorization-request-errors/#redirect-uri-mismatch2"
}
Чтобы исправить эту ошибку, укажите redirect_uri, который соответствует зарегистрированному, или оставьте этот параметр пустым, чтобы использовался зарегистрированный по умолчанию с приложением.
Неверный код проверки
{
"add_scopes": [
"repo"
],
"note": "admin script"
}
Если переданный код проверки неверен, просрочен или не соответствует тому, что вы получили в первом запросе на авторизацию, вы получите эту ошибку.
{
"error": "bad_verification_code",
"error_description": "The code passed is incorrect or expired.",
"error_uri": "/apps/managing-oauth-apps/troubleshooting-oauth-app-access-token-request-errors/#bad-verification-code"
}
Чтобы устранить ошибку, запустите процесс авторизации OAuth еще раз и получите новый код.