4.2.2.1. 错误响应(4.2.2.1. Error Response)
4.2.2.1. 错误响应
如果由于缺失、无效或不匹配的重定向URI而请求失败,或者如果客户端表示缺失或无效,授权服务器应该通知资源所有者该错误且不能向无效的重定向URI自动重定向用户代理。
如果资源所有者拒绝访问请求,或者如果请求因为其他非缺失或无效重定向URI原因而失败,授权服务器通过按附录B使用“application/x-www-form-urlencoded”格式向重定向URI的片段部分添加下列参数通知客户端:
-
error
必需的。下列ASCII[USASCII]错误代码之一:- invalid_request
请求缺少必需的参数、包含无效的参数值、包含一个参数超过一次或其他不良格式。 - unauthorized_client
客户端未被授权使用此方法请求授权码。 - access_denied
资源所有者或授权服务器拒绝该请求。 - unsupported_response_type
授权服务器不支持使用此方法获得授权码。 - invalid_scope
请求的范围无效,未知的或格式不正确。 - server_error
授权服务器遇到意外情况导致其无法执行该请求。(此错误代码是必要的,因为500内部服务器错误HTTP状态代码不能由HTTP重定向返回给客户端)。 - temporarily_unavailable
授权服务器由于暂时超载或服务器维护目前无法处理请求。 (此错误代码是必要的,因为503服务不可用HTTP状态代码不可以由HTTP重定向返回给客户端)。
“error”参数的值不能包含集合%x20-21 /%x23-5B /%x5D-7E以外的字符。
- invalid_request
-
error_description
可选的。提供额外信息的人类可读的ASCII[USASCII]文本,用于协助客户端开发人员理解所发生的错误。“error_description”参数的值不能包含集合%x20-21 /%x23-5B /%x5D-7E以外的字符。
-
error_uri
可选的。指向带有有关错误的信息的人类可读网页的URI,用于提供客户端开发人员关于该错误的额外信息。“error_uri”参数值必须符合URI参考语法,因此不能包含集合%x21/%x23-5B /%x5D-7E以外的字符。
-
state
必需的,若“state”参数在客户端授权请求中提交。从客户端接收的精确值。
例如,授权服务器通过发送以下HTTP响应重定向用户代理:
HTTP/1.1 302 Found Location: https://client.example.com/cb#error=access_denied&state=xyz
4.2.2.1. Error Response
If the request fails due to a missing, invalid, or mismatching
redirection URI, or if the client identifier is missing or invalid,
the authorization server SHOULD inform the resource owner of the
error and MUST NOT automatically redirect the user-agent to the
invalid redirection URI.
If the resource owner denies the access request or if the request
fails for reasons other than a missing or invalid redirection URI,
the authorization server informs the client by adding the following
parameters to the fragment component of the redirection URI using the
"application/x-www-form-urlencoded" format, per Appendix B:
error
REQUIRED. A single ASCII [USASCII] error code from the
following:
invalid_request
The request is missing a required parameter, includes an
invalid parameter value, includes a parameter more than
once, or is otherwise malformed.
unauthorized_client
The client is not authorized to request an access token
using this method.
access_denied
The resource owner or authorization server denied the
request.
unsupported_response_type
The authorization server does not support obtaining an
access token using this method.
invalid_scope
The requested scope is invalid, unknown, or malformed.
Hardt Standards Track [Page 36]
RFC 6749 OAuth 2.0 October 2012
server_error
The authorization server encountered an unexpected
condition that prevented it from fulfilling the request.
(This error code is needed because a 500 Internal Server
Error HTTP status code cannot be returned to the client
via an HTTP redirect.)
temporarily_unavailable
The authorization server is currently unable to handle
the request due to a temporary overloading or maintenance
of the server. (This error code is needed because a 503
Service Unavailable HTTP status code cannot be returned
to the client via an HTTP redirect.)
Values for the "error" parameter MUST NOT include characters
outside the set %x20-21 / %x23-5B / %x5D-7E.
error_description
OPTIONAL. Human-readable ASCII [USASCII] text providing
additional information, used to assist the client developer in
understanding the error that occurred.
Values for the "error_description" parameter MUST NOT include
characters outside the set %x20-21 / %x23-5B / %x5D-7E.
error_uri
OPTIONAL. A URI identifying a human-readable web page with
information about the error, used to provide the client
developer with additional information about the error.
Values for the "error_uri" parameter MUST conform to the
URI-reference syntax and thus MUST NOT include characters
outside the set %x21 / %x23-5B / %x5D-7E.
state
REQUIRED if a "state" parameter was present in the client
authorization request. The exact value received from the
client.
For example, the authorization server redirects the user-agent by
sending the following HTTP response:
HTTP/1.1 302 Found
Location: https://client.example.com/cb#error=access_denied&state=xyz
No Comments