OAuth Responses: Authorization Code Grant Request
Acceptance
If the user accepts your App’s request to access Eloqua on their behalf,
their user agent is eventually redirected to your app’s
redirection endpoint with an authorization code in the code
URL
parameter, as in the following example authorization dialog:
HTTP/1.1 302 Found
Location: https://client.example.com/cb?code=SplxlOBeZQQYbYS6WxSbIA&state=xyz
Rejection
If the user rejects your app’s request to access Eloqua on their behalf,
their user agent is eventually redirected to your App’s registered
redirection endpoint with the error access_denied
in the error
URL
parameter, as in the following:
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=access_denied&state=xyz
Failure Before client_id
or redirect_url
Validation
If a failure occurs before the supplied client_id or redirect_uri are validated, we can’t safely redirect the user agent back to the redirect URI to report the failure, and so we return the details of the failure in the body of the response.
Missing client_id
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&redirect_uri=https%3a%2f%2fclient.example.com%2fapp&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "client_id" parameter is required.
Unknown client_id
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=00000000000000000000000000000000
&redirect_uri=https%3a%2f%2fclient.example.com%2fapp&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "client_id" value is not a known client identifier.
Malformed client_id
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=malformed&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "client_id" value is not a valid client identifier.
Missing redirect_uri
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "redirect_uri" parameter is required.
Malformed redirect_uri
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=malformed&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "redirect_uri" value is not a valid URI.
Mismatched redirect_uri
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2attacker.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "redirect_uri" value doesn't start with the client redirect URI.
Non-HTTPS redirect_uri
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=http%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "redirect_uri" value is not an HTTPS URI.
redirect_uri
with fragment
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp%23fragment
&scope=full&state=xyz
HTTP/1.1 200 OK
Content-Type: text/html
The "redirect_uri" value has a fragment.
Failure After client_id
and redirect_uri
Validation
If a failure occurs after the client_id
and redirect_uri
have
been validated, Eloqua can safely redirect user agent back to the
redirect URI to report the failure. In this case, the Authorization
Dialog returns the details of the failure in the error
and
error_description
URL parameters.
Internal server error
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=server_error
&error_description=The+server+encountered+an+unexpected+condition+that+prevented
+it+from+fulfilling+the+request.&state=xyz
Missing response_type
GET https://login.eloqua.com/auth/oauth2/authorize?
client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=invalid_request
&error_description=The+%22response_type%22+parameter+is+required.&state=xyz
Unknown response_type
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=unknown
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=full&state=xyz
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=unsupported_response_type
&error_description=The+%22response_type%22+parameter+must+be+either+%22code%22
+or+%22token%22.&state=xyz
Unknown scope
GET https://login.eloqua.com/auth/oauth2/authorize?response_type=code
&client_id=s6BhdRkqt3&redirect_uri=https%3a%2f%2fclient.example.com%2fapp
&scope=unknown&state=xyz
HTTP/1.1 302 Found
Location: https://client.example.com/cb?error=invalid_scope
&error_description=The+%22scope%22+parameter+must+be+either+%22full%22+or
+not+supplied.&state=xyz