POST /api/{serviceId}/auth/token/fail
Typescript (SDK)
import { Authlete } from "@authlete/typescript-sdk";

const authlete = new Authlete({
  bearer: process.env["AUTHLETE_BEARER"] ?? "",
});

async function run() {
  const result = await authlete.token.fail({
    serviceId: "<id>",
    tokenFailRequest: {
      ticket: "83BNqKIhGMyrkvop_7jQjv2Z1612LNdGSQKkvkrf47c",
      reason: "INVALID_RESOURCE_OWNER_CREDENTIALS",
    },
  });

  console.log(result);
}

run();
{
  "resultCode": "A067301",
  "resultMessage": "[A067301] The credentials (username & password) passed to the token endpoint are invalid.",
  "action": "BAD_REQUEST",
  "responseContent": "{\"error_description\":\"[A067301] The credentials (username & password) passed to the token endpoint are invalid.\",\"error\":\"invalid_request\",\"error_uri\":\"https://docs.authlete.com/#A067301\"}"
}
This API is meant to be called from within the implementation of the service's token endpoint in order to generate an error response for the client application. The description of the /auth/token API explains when this API should be called; see the description for the case of action=PASSWORD.

The response from the /auth/token/fail API has several parameters. The authorization server implementation should check the action parameter first, because it denotes the next action that the implementation should take. Depending on the value of action, the authorization server implementation must take the steps described below.

INTERNAL_SERVER_ERROR

When the value of action is INTERNAL_SERVER_ERROR, it means that the request from the authorization server implementation was wrong or that an error occurred in Authlete. In either case, from the viewpoint of the client application, it is an error on the server side. Therefore, the service implementation should generate a response to the client application with HTTP status of “500 Internal Server Error”. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the service implementation should generate and return to the client application.
HTTP/1.1 500 Internal Server Error
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{responseContent}
The endpoint implementation may return a different response to the client application, since “500 Internal Server Error” is not required by OAuth 2.0.

BAD_REQUEST

When the value of action is BAD_REQUEST, it means that Authlete’s /auth/token/fail API successfully generated an error response for the client application. The HTTP status of the response returned to the client application must be “400 Bad Request” and the content type must be application/json. The value of responseContent is a JSON string which describes the error, so it can be used as the entity body of the response.
The following illustrates the response which the service implementation should generate and return to the client application.
HTTP/1.1 400 Bad Request
Content-Type: application/json
Cache-Control: no-store
Pragma: no-cache

{responseContent}
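
An added example, not part of Authlete's documentation or SDK: one way a token endpoint could apply the two action rules above to the result of the /auth/token/fail call. The names `toEndpointResponse`, `TokenFailResult` and `EndpointResponse`, and the `server_error` fallback body, are assumptions made for this example; only `action` and `responseContent` come from the response described on this page.

```typescript
// Added example (not Authlete code): turn an /auth/token/fail result into the
// HTTP response that the token endpoint sends to the client application.
type FailAction = "INTERNAL_SERVER_ERROR" | "BAD_REQUEST";

interface TokenFailResult {
  action?: string; // kept as string so unexpected values are caught at runtime
  responseContent?: string;
}

interface EndpointResponse {
  status: number;
  headers: Record<string, string>;
  body: string;
}

const STATUS_BY_ACTION: Record<FailAction, number> = {
  INTERNAL_SERVER_ERROR: 500,
  BAD_REQUEST: 400,
};

// Constructed fallback body, used when the result cannot be relayed as-is.
const FALLBACK_BODY = JSON.stringify({ error: "server_error" });

function isFailAction(a: string | undefined): a is FailAction {
  return a === "INTERNAL_SERVER_ERROR" || a === "BAD_REQUEST";
}

function isJsonObject(text: string | undefined): text is string {
  if (typeof text !== "string") return false;
  try {
    const v: unknown = JSON.parse(text);
    return typeof v === "object" && v !== null && !Array.isArray(v);
  } catch (_err) {
    return false;
  }
}

function toEndpointResponse(res: TokenFailResult): EndpointResponse {
  const headers = {
    "Content-Type": "application/json",
    "Cache-Control": "no-store",
    Pragma: "no-cache",
  };
  // Unknown action or non-JSON content: fail closed with a generic 500.
  if (!isFailAction(res.action) || !isJsonObject(res.responseContent)) {
    return { status: 500, headers, body: FALLBACK_BODY };
  }
  return { status: STATUS_BY_ACTION[res.action], headers, body: res.responseContent };
}
```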

Authorizations

Authorization (string, header, required)

Authenticate every request with a Service Access Token or Organization Token. Set the token value in the Authorization: Bearer <token> header.

Service Access Token: Scoped to a single service. Use when automating service-level configuration or runtime flows.

Organization Token: Scoped to the organization; inherits permissions across services. Use for org-wide automation or when managing multiple services programmatically.

Both token types are issued by the Authlete console or provisioning APIs.

Path Parameters

serviceId (string, required)

A service ID.

Body

ticket (string, required)

The ticket issued by Authlete's /auth/token API.

reason (enum<string>, required)

The reason for the failure of the token request.

Available options: UNKNOWN, INVALID_RESOURCE_OWNER_CREDENTIALS, INVALID_TARGET

Response

resultCode (string)

The code which represents the result of the API call.

resultMessage (string)

A short message which explains the result of the API call.

action (enum<string>)

The next action that the authorization server implementation should take.

Available options: INTERNAL_SERVER_ERROR, BAD_REQUEST

responseContent (string)

The content that the authorization server implementation is to return to the client application. Its format varies depending on the value of the action parameter. See the description for details.