7.2. 错误响应(7.2. Error Response)

7.2. 错误响应

如果资源访问请求失败,资源服务器应该通知客户端该错误。虽然规定这些错误响应超出了本规范的范围,但是本文档在11.4节建立了一张公共注册表,用作OAuth令牌身份验证方案之间分享的错误值。

主要为OAuth令牌身份验证设计的新身份验证方案应该定义向客户端提供错误状态码的机制,其中允许的错误值限于本规范建立的错误注册表中。

这些方案可以限制有效的错误代码是注册值的子集。如果错误代码使用命名参数返回,该参数名称应该是“error”。

其他能够被用于OAuth令牌身份验证的方案,但不是主要为此目的而设计的,可以帮顶他们的错误值到相同方式的注册表项。

新的认证方案也可以选择指定使用“error_description”和"error_uri"参数,用于以本文档中用法相同的方式的返回错误信息。

 

7.2. Error Response



   If a resource access request fails, the resource server SHOULD inform
   the client of the error.  While the specifics of such error responses
   are beyond the scope of this specification, this document establishes
   a common registry in Section 11.4 for error values to be shared among
   OAuth token authentication schemes.

   New authentication schemes designed primarily for OAuth token
   authentication SHOULD define a mechanism for providing an error
   status code to the client, in which the error values allowed are
   registered in the error registry established by this specification.




Hardt                        Standards Track                   [Page 49]

 
RFC 6749                        OAuth 2.0                   October 2012


   Such schemes MAY limit the set of valid error codes to a subset of
   the registered values.  If the error code is returned using a named
   parameter, the parameter name SHOULD be "error".

   Other schemes capable of being used for OAuth token authentication,
   but not primarily designed for that purpose, MAY bind their error
   values to the registry in the same manner.

   New authentication schemes MAY choose to also specify the use of the
   "error_description" and "error_uri" parameters to return error
   information in a manner parallel to their usage in this
   specification.