oauth2.dev

error_uri

IETF

Registry Context

An optional URI identifying a human-readable web page with additional information about an OAuth error.

Technical Summary

An optional OAuth 2.0 error-response parameter defined for authorization code, implicit grant, and token endpoint error responses. Its value must conform to URI-reference syntax and the specified character set.

When Used

Authorization code error responses, implicit grant error responses, and token endpoint error responses.

Normative Requirements

Authorization servers

MUST NOT
3
  1. RFC 6749 - Section 4.1.2.1

    Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..

    Condition: If `error_uri` is included in an authorization code error response.

    "MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"

  2. RFC 6749 - Section 4.2.2.1

    Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..

    Condition: If `error_uri` is included in an implicit grant error response.

    "MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"

  3. RFC 6749 - Section 5.2

    Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..

    Condition: If `error_uri` is included in a token endpoint error response.

    "MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"

MUST
3
  1. RFC 6749 - Section 4.1.2.1

    Ensure the `error_uri` value conforms to URI-reference syntax..

    Condition: If `error_uri` is included in an authorization code error response.

    "Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"

  2. RFC 6749 - Section 4.2.2.1

    Ensure the `error_uri` value conforms to URI-reference syntax..

    Condition: If `error_uri` is included in an implicit grant error response.

    "Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"

  3. RFC 6749 - Section 5.2

    Ensure the `error_uri` value conforms to URI-reference syntax..

    Condition: If `error_uri` is included in a token endpoint error response.

    "Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"

OPTIONAL
3
  1. RFC 6749 - Section 4.1.2.1

    The `error_uri` parameter is OPTIONAL in an authorization code error response..

    Condition: When returning an authorization code error response.

    "error_uri OPTIONAL."

  2. RFC 6749 - Section 4.2.2.1

    The `error_uri` parameter is OPTIONAL in an implicit grant error response..

    Condition: When returning an implicit grant error response.

    "error_uri OPTIONAL."

  3. RFC 6749 - Section 5.2

    The `error_uri` parameter is OPTIONAL in a token endpoint error response..

    Condition: When returning a token endpoint error response.

    "error_uri OPTIONAL."

Validation Guidance

info

Accept `error_uri` as optional in authorization code, implicit grant, and token endpoint error responses; do not require it.

error

If present, validate `error_uri` as a URI-reference and reject values containing characters outside `%x21 / %x23-5B / %x5D-7E`.

Security Notes

RFC 9700 - Section 2.1.2

The implicit grant is vulnerable to access-token leakage and replay. Current OAuth security best practice advises clients not to use it unless access-token injection is prevented and the identified leakage vectors are mitigated.

Reference

Details

Entry Id
error_uri
Name
error_uri
Parameter Usage Location
authorization response, token response
Change Controller
IETF
Reference
RFC6749