Meaningful OAuth error messages

The best support is the one that you will never need

True to our conviction that the best support is the one which you never have to call upon, the upcoming release of the Connect2id server will improve many of the error messages.

Yes, error messages can be quite important, especially when working with web APIs.

Take, for instance, the error message returned when a client fails to authenticate properly at the token endpoint of the OAuth 2.0 / OpenID Connect server. To help developers we decided to list all possible causes while, for security reasons, withholding the exact reason why authentication failed.

HTTP/1.1 401 Unauthorized
Content-Type: application/json;charset=UTF-8
Cache-Control: no-store
Pragma: no-cache

{
  "error"             : "invalid_client",
  "error_description" : "Client authentication failed, possible causes may be missing, invalid or expired secret / registered JWK, bad JWT assertion audience, or a mismatch between registered and presented client authentication method"
}
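
The pattern behind this response, as an added example (not Connect2id server code): the precise failure cause goes only to the server-side log, while every failure returns the same `invalid_client` body. The registry layout, function names and sample clients are hypothetical, and only secret-based client authentication is covered.

```python
import hmac
import json
import logging
import time

log = logging.getLogger("token_endpoint")  # server-side only, never sent to the client

# The single description returned for every failure, as in the response above.
GENERIC_DESCRIPTION = (
    "Client authentication failed, possible causes may be missing, invalid or "
    "expired secret / registered JWK, bad JWT assertion audience, or a mismatch "
    "between registered and presented client authentication method")

# Constructed sample registry (hypothetical layout). Secrets are kept in plain
# text only to keep the sample short; expires_at == 0 means "never expires".
CLIENTS = {
    "app-1": {"auth_method": "client_secret_basic", "secret": "s3cr3t-A", "expires_at": 0},
    "app-2": {"auth_method": "client_secret_post", "secret": "s3cr3t-B", "expires_at": 1},
}

def failure_reason(client_id, method, secret, now):
    """Return the precise internal failure reason, or None on success."""
    client = CLIENTS.get(client_id)
    if client is None:
        return "unknown client_id"
    if method != client["auth_method"]:
        return "presented method differs from registered method"
    if not secret:
        return "missing secret"
    if not hmac.compare_digest(secret.encode(), client["secret"].encode()):
        return "invalid secret"
    if client["expires_at"] and now >= client["expires_at"]:
        return "expired secret"
    return None

def token_endpoint_auth(client_id, method, secret, now=None):
    """Return None when authenticated, else (status, headers, body).

    The error tuple is byte-for-byte identical for every failure cause."""
    now = time.time() if now is None else now
    reason = failure_reason(client_id, method, secret, now)
    if reason is None:
        return None
    # %r keeps control characters in a hostile client_id out of the log line.
    log.warning("client auth failed: client_id=%r reason=%s", client_id, reason)
    headers = {"Content-Type": "application/json;charset=UTF-8",
               "Cache-Control": "no-store", "Pragma": "no-cache"}
    body = json.dumps({"error": "invalid_client",
                       "error_description": GENERIC_DESCRIPTION})
    return 401, headers, body
```
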