oauth2.dev

error_description

IETF

Registry Context

`error_description` is an optional human-readable ASCII string that may accompany OAuth authorization-code, implicit-grant, and token endpoint error responses.

Technical Summary

RFC 6749 defines `error_description` as an OPTIONAL parameter in these error responses. Its value MUST NOT contain characters outside `%x20-21 / %x23-5B / %x5D-7E`.

When Used

Authorization-code grant error responses, implicit-grant error responses, and token endpoint error responses.

Normative Requirements

Authorization servers

MUST NOT
3
  1. RFC 6749 - Section 4.1.2.1

    include characters outside `%x20-21 / %x23-5B / %x5D-7E` in the `error_description` value.

    Condition: when returning an authorization-code grant error response

    Values for the "error_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.

  2. RFC 6749 - Section 4.2.2.1

    include characters outside `%x20-21 / %x23-5B / %x5D-7E` in the `error_description` value.

    Condition: when returning an implicit-grant error response

    Values for the "error_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.

  3. RFC 6749 - Section 5.2

    include characters outside `%x20-21 / %x23-5B / %x5D-7E` in the `error_description` value.

    Condition: when returning a token endpoint error response

    Values for the "error_description" parameter MUST NOT include characters outside the set %x20-21 / %x23-5B / %x5D-7E.

OPTIONAL
3
  1. RFC 6749 - Section 4.1.2.1

    include the `error_description` parameter.

    Condition: when returning an authorization-code grant error response

    error_description OPTIONAL.

  2. RFC 6749 - Section 4.2.2.1

    include the `error_description` parameter.

    Condition: when returning an implicit-grant error response

    error_description OPTIONAL.

  3. RFC 6749 - Section 5.2

    include the `error_description` parameter.

    Condition: when returning a token endpoint error response

    error_description OPTIONAL.

Validation Guidance

error

Reject `error_description` values containing characters outside `%x20-21 / %x23-5B / %x5D-7E`.

info

Do not require `error_description` in the applicable authorization or token error responses.

Reference

Details

Entry Id
error_description
Name
error_description
Parameter Usage Location
authorization response, token response
Change Controller
IETF
Reference
RFC6749