invalid_ authorization_ details
Registry Context
This error means authorization_details contains an unknown authorization details type or an object that does not conform to its type definition.
Technical Summary
RFC 9396 defines invalid_authorization_details for authorization_details objects with an unknown type or that fail their type definition. The registry lists its usage locations as the token endpoint and authorization endpoint.
When Used
When an authorization_details object has an unknown type, unknown fields, fields of the wrong type, invalid field values, or missing required fields.
Normative Requirements
Authorization servers
RFC 9396 - Section 5
refuse to process any unknown authorization details type or authorization details not conforming to the respective type definition.
The AS MUST refuse to process any unknown authorization details type or authorization details not conforming to the respective type definition.
RFC 9396 - Section 5
abort processing and respond to the client with invalid_authorization_details.
Condition: If any object in authorization_details has an unknown type value, contains unknown fields, has fields of the wrong type or with invalid values, or is missing required fields
The AS MUST abort processing and respond with an error invalid_authorization_details to the client.
Validation Guidance
Reject authorization_details objects with unknown type values, unknown fields, wrong field types, invalid field values, or missing required fields, and return invalid_authorization_details.
Reference
Details
- Entry Id
invalid_authorization_ details - Name
invalid_authorization_ details - Usage Location
token endpoint, authorization endpoint- Protocol Extension
OAuth 2.0 Rich Authorization Requests- Change Controller
IETF- Reference
RFC9396 - Section 5