error_ uri
Registry Context
An optional URI identifying a human-readable web page with additional information about an OAuth error.
Technical Summary
An optional OAuth 2.0 error-response parameter defined for authorization code, implicit grant, and token endpoint error responses. Its value must conform to URI-reference syntax and the specified character set.
When Used
Authorization code error responses, implicit grant error responses, and token endpoint error responses.
Normative Requirements
Authorization servers
RFC 6749 - Section 4.1.2.1
Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..
Condition: If `error_uri` is included in an authorization code error response.
"MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"
RFC 6749 - Section 4.2.2.1
Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..
Condition: If `error_uri` is included in an implicit grant error response.
"MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"
RFC 6749 - Section 5.2
Include characters outside `%x21 / %x23-5B / %x5D-7E` in `error_uri`..
Condition: If `error_uri` is included in a token endpoint error response.
"MUST NOT include characters outside the set %x21 / %x23-5B / %x5D-7E"
RFC 6749 - Section 4.1.2.1
Ensure the `error_uri` value conforms to URI-reference syntax..
Condition: If `error_uri` is included in an authorization code error response.
"Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"
RFC 6749 - Section 4.2.2.1
Ensure the `error_uri` value conforms to URI-reference syntax..
Condition: If `error_uri` is included in an implicit grant error response.
"Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"
RFC 6749 - Section 5.2
Ensure the `error_uri` value conforms to URI-reference syntax..
Condition: If `error_uri` is included in a token endpoint error response.
"Values for the \"error_uri\" parameter MUST conform to the URI-reference syntax"
RFC 6749 - Section 4.1.2.1
The `error_uri` parameter is OPTIONAL in an authorization code error response..
Condition: When returning an authorization code error response.
"error_uri OPTIONAL."
RFC 6749 - Section 4.2.2.1
The `error_uri` parameter is OPTIONAL in an implicit grant error response..
Condition: When returning an implicit grant error response.
"error_uri OPTIONAL."
RFC 6749 - Section 5.2
The `error_uri` parameter is OPTIONAL in a token endpoint error response..
Condition: When returning a token endpoint error response.
"error_uri OPTIONAL."
Validation Guidance
Accept `error_uri` as optional in authorization code, implicit grant, and token endpoint error responses; do not require it.
If present, validate `error_uri` as a URI-reference and reject values containing characters outside `%x21 / %x23-5B / %x5D-7E`.
Security Notes
RFC 9700 - Section 2.1.2
The implicit grant is vulnerable to access-token leakage and replay. Current OAuth security best practice advises clients not to use it unless access-token injection is prevented and the identified leakage vectors are mitigated.
Reference
Details
- Entry Id
error_uri - Name
error_uri - Parameter Usage Location
authorization response, token response- Change Controller
IETF- Reference
RFC6749