Authorization Error
The authorization server returns an error response if the request processing fails. The processing of the request fails due to one of the following reasons:
- Missing, invalid, or mismatching redirection URI
For this case, the authorization server informs the resource owner of the error and does not automatically redirect the user-agent to the invalid redirection URI.
- Missing or invalid client identifier
For this case, the authorization server informs the resource owner of the error and does not automatically redirect the user-agent to the invalid redirection URI.
- Resource owner denies the access request
The authorization server informs the client by adding the following parameters to the query component of the redirection URI using the application/x-www-form-urlencoded format.
| Parameter | Description |
|---|---|
| error | Specifies a single error code returned from the authorization server.
Required. Refer to Authorize Request Error Codes table for the error codes. |
| state | Refers to the exact state parameter value as received from the client. This is required if the state parameter was present in the client authorization request. |
| Error Code | Description |
|---|---|
| invalid_request | |
| The request is missing a required parameter, includes an invalid parameter value, includes parameter more than once, or is otherwise malformed. | |
| unauthorized_client | |
| The client is not authorized to request an authorization code using this method. | |
| access_denied | |
| The resource owner or authorization server denied the request. | |
| unsupported_response_type | |
| The authorization server does not support obtaining an authorization code using this method. | |
| invalid_scope | |
| The requested scope is invalid, unknown, or malformed. | |
| server_error | |
| The authorization server encountered an unexpected condition that prevented it from fulfilling the request. This error code is needed because a 500 Internal Server Error HTTP status code cannot be returned to the client via an HTTP redirect. | |