OAuth Responses: Authorization Code Grant Request

Acceptance

If the user accepts your app’s request to access Eloqua on their behalf, their user agent is eventually redirected to your app’s redirection endpoint with an authorization code in the code URL parameter, as in the following example authorization dialog response:

HTTP/1.1 302 Found
Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz

Rejection

If the user rejects your app’s request to access Eloqua on their behalf, their user agent is eventually redirected to your app’s registered redirection endpoint with the error access_denied in the error URL parameter, as in the following:

HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=access_denied&state=xyz

Failure Before client_id or redirect_uri Validation

If a failure occurs before the supplied client_id or redirect_uri are validated, we can’t safely redirect the user agent back to the redirect URI to report the failure, and so we return the details of the failure in the body of the response.

Missing client_id

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&redirect_uri=https%3a%2f%2fclient.example.com%2fapp&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "client_id" parameter is required.

Unknown client_id

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=00000000000000000000000000000000
&redirect_uri=https%3a%2f%2fclient.example.com%2fapp&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "client_id" value is not a known client identifier.

Malformed client_id

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=malformed&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "client_id" value is not a valid client identifier.

Missing redirect_uri

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "redirect_uri" parameter is required.

Malformed redirect_uri

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=malformed&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "redirect_uri" value is not a valid URI.

Mismatched redirect_uri

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fattacker.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "redirect_uri" value doesn't start with the client redirect URI.

Non-HTTPS redirect_uri

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=http%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "redirect_uri" value is not an HTTPS URI.

redirect_uri with fragment

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp%23fragment
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html

The "redirect_uri" value has a fragment.

Failure After client_id and redirect_uri Validation

If a failure occurs after the client_id and redirect_uri have been validated, Eloqua can safely redirect the user agent back to the redirect URI to report the failure. In this case, the authorization dialog returns the details of the failure in the error and error_description URL parameters.

Internal server error

HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=server_error
&error_description=The+server+encountered+an+unexpected+condition+that+prevented
+it+from+fulfilling+the+request.&state=xyz

Missing response_type

GET https://login.eloqua.com/auth/oauth2/authorize?
client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz

HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=invalid_request
&error_description=The+%22response_type%22+parameter+is+required.&state=xyz

Unknown response_type

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=unknown
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz

HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=unsupported_response_type
&error_description=The+%22response_type%22+parameter+must+be+either+%22code%22
+or+%22token%22.&state=xyz

Unknown scope

GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=unknown&state=xyz

HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=invalid_scope
&error_description=The+%22scope%22+parameter+must+be+either+%22full%22+or
+not+supplied.&state=xyz
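
Every redirect shown above reaches the app's redirection endpoint as an ordinary query string, so the app has to tell acceptance, rejection and failure apart and confirm that state matches the value it sent. The Python handler below is an added example, not part of the Eloqua documentation; the function name handle_callback and the expected_state argument (the state value the app stored when it started the request) are assumptions.

```python
import hmac
from urllib.parse import urlsplit, parse_qs


def handle_callback(callback_url, expected_state):
    """Classify a redirect received at the app's redirection endpoint.

    Returns ("code", authorization_code) on acceptance and
    ("error", error, error_description_or_None) on rejection or failure.
    Raises ValueError when the redirect must not be acted on.
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # A repeated parameter is ambiguous (parsers disagree on which copy wins).
    for name in ("code", "error", "state", "error_description"):
        if len(query.get(name, [])) > 1:
            raise ValueError("duplicate %r parameter" % name)

    # Verify state before interpreting anything else, so a redirect that does
    # not answer a request this session started is dropped. Constant-time
    # comparison avoids leaking how much of the value matched.
    state = query.get("state", [""])[0]
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")

    code = query.get("code", [None])[0]
    error = query.get("error", [None])[0]
    if code and error is None:
        return ("code", code)
    if error and code is None:
        # error_description arrives in the URL, so treat it as untrusted text:
        # log it or HTML-escape it, never render it as markup.
        return ("error", error, query.get("error_description", [None])[0])
    raise ValueError("expected exactly one non-empty 'code' or 'error'")


# Redirect targets copied from the examples on this page (line breaks joined).
ACCEPTED = "https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz"
REJECTED = "https://client.example.com/cb?error=access_denied&state=xyz"
BAD_SCOPE = ("https://client.example.com/cb?error=invalid_scope"
             "&error_description=The+%22scope%22+parameter+must+be+either"
             "+%22full%22+or+not+supplied.&state=xyz")

if __name__ == "__main__":
    for url in (ACCEPTED, REJECTED, BAD_SCOPE):
        print(handle_callback(url, expected_state="xyz"))
```

In a real app, expected_state is an unpredictable per-request value kept in the user's session; the page's xyz is used here only because it matches the sample redirects.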
