Authorization Errors in Step One

The following table lists errors that may occur in Step One of the OAuth 2.0 authorization code grant flow. Error requests are sent to the redirect URI with a specific error value, and should be handled by the application.

The redirect parameter is error.

Error Value	Error Description	Resolution
invalid_request	One or more required parameters are missing. Important: The redirect does not take place if the redirect URI in the GET request does not match the value in the Redirect URI field in the corresponding integration record. Only the error message should be displayed.	Ensure that none of the parameters is missing in the request in Step One. For more information, see Step One GET Request to the Authorization Endpoint.
unauthorized_client	The redirect does not take place if the client is unknown to the authorization server. Only the error message should be displayed.	Ensure that you use the correct values of the client ID and client secret for the corresponding integration record.
access_denied	A user clicks the Deny or Back button on the consent screen and interrupts the flow.	The user must Click Allow or Continue to give the application consent. For more information, see Consent Screen.
unsupported_response_type	The response type cannot be handled.	Ensure that the response type value is correct. For more information, see Step One GET Request to the Authorization Endpoint.
invalid_scope	The scope cannot be handled. The scope value is malformed, unknown, or invalid.	Ensure that the scope value is in correct format. For more information, see Step One GET Request to the Authorization Endpoint.

Error Value

Error Description

Resolution

invalid_request

One or more required parameters are missing.

Important:

The redirect does not take place if the redirect URI in the GET request does not match the value in the Redirect URI field in the corresponding integration record. Only the error message should be displayed.

Ensure that none of the parameters is missing in the request in Step One. For more information, see Step One GET Request to the Authorization Endpoint.

unauthorized_client

The redirect does not take place if the client is unknown to the authorization server. Only the error message should be displayed.

Ensure that you use the correct values of the client ID and client secret for the corresponding integration record.

access_denied

A user clicks the Deny or Back button on the consent screen and interrupts the flow.

The user must Click Allow or Continue to give the application consent. For more information, see Consent Screen.

unsupported_response_type

The response type cannot be handled.

Ensure that the response type value is correct. For more information, see Step One GET Request to the Authorization Endpoint.

invalid_scope

The scope cannot be handled. The scope value is malformed, unknown, or invalid.

Ensure that the scope value is in correct format. For more information, see Step One GET Request to the Authorization Endpoint.

The following is an example of a redirect to the redirect URI with an error:

https://<your_redirect_uri>?state=ykv2XLx1BpT5Q0F3MRPHb94j&role=1000&entity=12&company=1234567&error=<error_value>

For more information about Step One of the OAuth 2.0 authorization code grant flow, see Step One GET Request to the Authorization Endpoint.

Related Topics