When calling “oauth2/default/v1/token” using email and password and getting StatusCode: 400, I want to handle the errors that could be returned when deserializing the token response.
Do you happen to have a list of the “error” and “error_description” values that could be returned?
Example: {"error":"access_denied","error_description":"User is not assigned to the client application."}
These error codes are defined in the OAuth spec (though their descriptions will vary based on implementation and the underlying cause):
   error
         REQUIRED.  A single ASCII [USASCII] error code from the
         following:

         invalid_request
               The request is missing a required parameter, includes an
               invalid parameter value, includes a parameter more than
               once, or is otherwise malformed.

         unauthorized_client
               The client is not authorized to request an authorization
               code using this method.

         access_denied
               The resource owner or authorization server denied the
               request.

         unsupported_response_type
               The authorization server does not support obtaining an
               authorization code using this method.

         invalid_scope
               The requested scope is invalid, unknown, or malformed.

         server_error
               The authorization server encountered an unexpected
               condition that prevented it from fulfilling the request.
               (This error code is needed because a 500 Internal Server
               Error HTTP status code cannot be returned to the client
               via an HTTP redirect.)

         temporarily_unavailable
               The authorization server is currently unable to handle
               the request due to a temporary overloading or maintenance
               of the server.  (This error code is needed because a 503
               Service Unavailable HTTP status code cannot be returned
               to the client via an HTTP redirect.)

         Values for the "error" parameter MUST NOT include characters
         outside the set %x20-21 / %x23-5B / %x5D-7E.
Something interesting here, where can I find the errors in the 400 return code?
These don’t show in your spec location
{"error":"access_denied","error_description":"User is not assigned to the client application."}
{"error":"invalid_grant","error_description":"Resource owner password credentials cannot be used with MFA enabled."}
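An added example (not from any post in this thread and not Okta's code) of one way to deserialize a 400 token response defensively: branch on `error` only, and keep `error_description` as sanitized log text because its wording varies by server. The code set also lists `invalid_client` and `unsupported_grant_type` from RFC 6749 section 5.2; `parse_token_error`, `TokenError` and the `malformed_response` sentinel are hypothetical names.

```python
import json
import re
from dataclasses import dataclass

# Codes that appear in this thread, plus invalid_client and
# unsupported_grant_type from RFC 6749 section 5.2 (token endpoint errors).
KNOWN_CODES = {
    "invalid_request", "invalid_client", "invalid_grant", "unauthorized_client",
    "unsupported_grant_type", "invalid_scope", "access_denied",
    "unsupported_response_type", "server_error", "temporarily_unavailable",
}
# Assumption: only these two describe a transient server-side condition.
RETRYABLE = {"server_error", "temporarily_unavailable"}
# Characters the quoted spec text allows in "error": %x20-21 / %x23-5B / %x5D-7E
ERROR_CHARS = re.compile(r"[\x20-\x21\x23-\x5B\x5D-\x7E]+")

@dataclass(frozen=True)
class TokenError:
    code: str          # the value to branch on
    description: str   # log-only free text, sanitized and truncated
    known: bool        # False for vendor-specific or unexpected codes
    retryable: bool

# Hypothetical local sentinel for bodies that are not a valid error object.
MALFORMED = TokenError("malformed_response", "", False, False)

def parse_token_error(body: str) -> TokenError:
    """Turn the body of a non-2xx token response into a TokenError."""
    try:
        data = json.loads(body)
    except (json.JSONDecodeError, TypeError):
        return MALFORMED
    if not isinstance(data, dict):
        return MALFORMED
    code = data.get("error")
    if not isinstance(code, str) or not ERROR_CHARS.fullmatch(code):
        return MALFORMED
    desc = data.get("error_description")
    # Replace non-printable characters so the text cannot forge log lines.
    desc = re.sub(r"[^\x20-\x7E]", "?", desc)[:200] if isinstance(desc, str) else ""
    return TokenError(code, desc, code in KNOWN_CODES, code in RETRYABLE)

# Constructed samples: the two bodies posted in the thread and a non-JSON body.
SAMPLES = [
    '{"error":"access_denied","error_description":"User is not assigned to the client application."}',
    '{"error":"invalid_grant","error_description":"Resource owner password credentials cannot be used with MFA enabled."}',
    "<html>Bad Gateway</html>",
]
if __name__ == "__main__":
    for raw in SAMPLES:
        print(parse_token_error(raw))
```

A code with `known == False` is still returned rather than rejected, so a server-specific value is surfaced to the caller instead of being silently mapped to a generic failure.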