Response Errors in Step Two and in the Refresh Token Response

The following table lists errors that may occur in Step Two of the OAuth 2.0 authorization code grant flow and in the response to the refresh token request.

The JSON format for the response is:

    {
        "error": "<error_value>"
    }

Error Value

Error Description

Resolution

invalid_request

Any of the following conditions can cause the invalid_request error to occur:

  • One or more required parameters are missing or malformed.

  • The grant_type value is incorrect.

  • Multiple client authentication approaches are used.

  • Any other type of malformed request is sent.

The HTTP status code is 400 Bad Request.

Ensure that your request is valid and in the correct format. For more information, see Step Two POST Request to the Token Endpoint.

invalid_client

Authentication of the client fails.

The HTTP status code is 401 Unauthorized.

The WWW-Authenticate response header is set to:

    Basic realm=<accountID>

The following is an example of the response header:

    HTTP/1.1 401 Unauthorized
    WWW-Authenticate: Basic realm="123456"

Ensure that you use the correct values of the client ID and client secret for the corresponding integration record.

invalid_grant

Any of the following conditions can cause the invalid_grant error to occur:

  • The authorization code is invalid, expired, or revoked.

  • The refresh token is invalid, expired, or revoked.

    Important:

    If the refresh token is expired, the application must go back to Step One of the OAuth 2.0 authorization code grant flow to restart the process.

  • The redirect URI does not match the redirect URI in the authorization request.

  • The authorization code or refresh token cannot be associated with the client.

  • The code_verifier parameter in Step Two does not match the code_verifier parameter in Step One.

The HTTP status code is 400 Bad Request.

Ensure that the values of all parameters are correct and match the values from Step One of the flow. For more information, see Step Two POST Request to the Token Endpoint.

unauthorized_client

The value of the authorization grant_type is not allowed for the client.

Ensure that you use the correct values of the client ID and client secret for the corresponding integration record.

unsupported_grant_type

The value of the grant_type parameter is neither authorization_code nor refresh_token.

The HTTP status code is 400 Bad Request.

Ensure that the value of the grant_type parameter is authorization_code or refresh_token.

invalid_scope

The scope cannot be handled. The scope value is malformed, unknown, or invalid.

The HTTP status code is 400 Bad Request.

Ensure that the scope value is in the correct format. For more information, see Step Two POST Request to the Token Endpoint.

For more information about Step Two of the OAuth 2.0 authorization code grant flow, see Step Two POST Request to the Token Endpoint.

For more information about the refresh token request, see Refresh Token POST Request to the Token Endpoint.
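The following client-side handler for the errors listed above is an added example, not code from this documentation. The function name, the action names, and the choice to restart at Step One for every rejected refresh token are assumptions of the example. It checks that the HTTP status agrees with the error value before acting on the response.

```python
import json
import re

# HTTP status this page lists for each error value. The page gives no status
# for unauthorized_client, so none is enforced for it.
EXPECTED_STATUS = {
    "invalid_request": 400, "invalid_client": 401, "invalid_grant": 400,
    "unauthorized_client": None, "unsupported_grant_type": 400,
    "invalid_scope": 400,
}

def handle_token_error(status, headers, body, grant_type):
    """Map a failed token response to (action, detail).

    Action names are this example's own: RESTART_STEP_ONE, CHECK_CREDENTIALS,
    FIX_REQUEST, UNKNOWN. None of them is safe to retry unchanged.
    """
    try:
        error = json.loads(body).get("error")
    except (TypeError, ValueError, AttributeError):
        return "UNKNOWN", f"HTTP {status}: body is not the documented JSON object"
    if not isinstance(error, str) or error not in EXPECTED_STATUS:
        return "UNKNOWN", f"HTTP {status}: undocumented error value"
    expected = EXPECTED_STATUS[error]
    if expected is not None and status != expected:
        # Status and error value disagree: do not act on the error value.
        return "UNKNOWN", f"{error} arrived with HTTP {status}, expected {expected}"
    if error == "invalid_client":
        # Header names are case-insensitive; the realm carries the account ID.
        challenge = next((v for k, v in headers.items()
                          if k.lower() == "www-authenticate"), "")
        m = re.match(r'Basic realm="?([^"]*)"?', challenge, re.I)
        realm = m.group(1) if m else "unknown"
        return "CHECK_CREDENTIALS", f"client authentication failed, realm {realm}"
    if error == "unauthorized_client":
        return "CHECK_CREDENTIALS", "grant type not allowed for this client"
    if error == "invalid_grant" and grant_type == "refresh_token":
        # A rejected refresh token cannot be repaired; discard it and re-authorize.
        return "RESTART_STEP_ONE", "refresh token rejected"
    if error == "invalid_grant":
        return "FIX_REQUEST", "check code, redirect URI and code_verifier"
    return "FIX_REQUEST", error
```

The detail strings never echo the request or the raw response body, so they can be logged without exposing the client secret, authorization code, or refresh token.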
