此页面由 Cloud Translation API 翻译。

OAuth HTTP 错误响应参考文档

您正在查看的是 Apigee Edge 文档。
转到 Apigee X 文档。信息

本主题介绍了 OAuth 政策在 Apigee Edge 中引发错误时您可能遇到的 HTTP 状态代码及其相关原因短语。

如需了解如何处理错误，请参阅处理错误。

如需了解特定于政策的错误代码，请参阅：

授权代码

重定向 URI 无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid redirection uri http://www.invalid_example.com"}

无重定向 URI

HTTP/1.1 400 Bad Request {"ErrorCode" : "invalid_request", "Error" :"Redirection URI is required"}

密钥无效

HTTP/1.1 401 Unauthorized {"ErrorCode" : "invalid_request", "Error" :"Invalid client id : AVD7ztXReEYyjpLFkkPiZpLEjeF2aYAz. ClientId is Invalid"}

缺少密钥

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : client_id"}

响应类型无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Response type must be code"}

缺少响应类型

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : response_type"}

生成 AccessToken

授权代码无效

HTTP status: 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid Authorization Code"}

无重定向 URI

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Required param : redirect_uri"}

重定向 URI 无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid redirect_uri : oob"}

当 GenerateResponse 为 false 时客户端 ID 无效

当 <GenerateResponse> 属性设置为 false，而客户端凭据无效时，将返回此错误。

{
    "fault": {
        "faultstring": "Invalid client identifier {0}",
        "detail": {
            "errorcode": "oauth.v2.InvalidClientIdentifier"
        }
    }
}

警告：在 Edge Cloud 版本 16.09.21 中，针对特定政策配置，将错误代码“invalid_client”更改为“InvalidClientIdentifier”。此更改可能会影响用于捕获旧代码的故障规则。如需详细了解此更改，请参阅 16.09.21 - Apigee Edge for Public Cloud 版本说明中的问题修复 APIRT-3390 的说明。

当 GenerateResponse 为 true 时客户端 ID 无效

当 <GenerateResponse> 属性设置为 true，而客户端凭据无效时，将返回此错误。

{"ErrorCode" : "invalid_client", "Error" :"ClientId is Invalid"}

GrantType 无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Unsupported grant type : client_credentials_invalid"}

无用户名

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Required param : username"}

无密码

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Required param : password"}

无 GrantType（自定义政策）

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Required param : grant_type"}

无 AuthCode

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Required param : code"}

隐式

客户端 ID 无效

HTTP/1.1 401 Unauthorized
{"ErrorCode" : "invalid_request", "Error" :"Invalid client id : AVD7ztXReEYyjpLFkkPiZpLEjeF2aYAz. ClientId is Invalid"}

无客户端 ID

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : client_id"}

响应类型无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Response type must be token"}

无响应类型

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"The request is missing a required parameter : response_type"}

重定向 URI 无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid redirection uri http://www.invalid_example.com"}

无重定向 URI

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Redirection URI is required"}

刷新令牌

RefreshToken 无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid Refresh Token"}

RefreshToken 已过期

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Refresh Token expired"}

范围无效

HTTP/1.1 400 Bad Request
{"ErrorCode" : "invalid_request", "Error" :"Invalid Scope"}

当 GenerateResponse 为 false 时客户端 ID 无效

当 GenerateResponse 属性设为 false 且客户端凭据无效时，将返回此错误。

{
    "fault": {
        "faultstring": "Invalid client identifier {0}",
        "detail": {
            "errorcode": "oauth.v2.InvalidClientIdentifier"
        }
    }
}

警告：在 Edge Cloud 版本 16.09.21 中，针对特定政策配置，将错误代码“invalid_client”更改为“InvalidClientIdentifier”（GenerateResponse 为 false）。此更改可能会影响用于捕获旧代码的故障规则。如需详细了解此更改，请参阅 16.09.21 - Apigee Edge for Public Cloud 版本说明中的问题修复 APIRT-3390 的说明。

当 GenerateResponse 为 true 时客户端 ID 无效

当 GenerateResponse 属性设为 true 且客户端凭据无效时，将返回此错误。

{"ErrorCode" : "invalid_client", "Error" :"ClientId is Invalid"}

验证 AccessToken

AccessToken 无效

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Invalid Access Token","detail":{"errorcode":"keymanagement.service.invalid_access_token"}}}

资源无效

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"APIResource \/facebook\/acer does not exist","detail":{"errorcode":"keymanagement.service.apiresource_doesnot_exist"}}}

范围无效

HTTP/1.1 403 Forbidden
{"fault":{"faultstring":"Required scope(s) : VerifyAccessToken.scopeSet","detail":{"errorcode":"steps.oauth.v2.InsufficientScope"}}}

无身份验证标头

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Invalid access token","detail":{"errorcode":"oauth.v2.InvalidAccessToken"}}}

ApiProduct 无匹配（配置了 Env 和 Proxy）

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Invalid API call as no apiproduct match found","detail":{"errorcode":"keymanagement.service.InvalidAPICallAsNoApiProductMatchFound"}}}

访问令牌已过期

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Access Token expired","detail":{"errorcode":"keymanagement.service.access_token_expired"}}}

访问令牌已撤消

HTTP/1.1 401 Unauthorized
{"fault":{"faultstring":"Access Token not approved","detail":{"errorcode":"keymanagement.service.access_token_not_approved"}}}

获取 OAuth V2 信息

刷新令牌无效

HTTP/1.1 404 Not Found
{"fault::{"detail":{"errorcode":"keymanagement.service.invalid_refresh_token"},"faultstring":"Invalid Refresh Token"}}

访问令牌无效

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Invalid Access Token",
    "detail": {
      "errorcode": "keymanagement.service.invalid_access_token"
    }
  }
}

访问令牌已过期

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Access Token expired",
    "detail": {
      "errorcode": "keymanagement.service.access_token_expired"
    }
  }
}

刷新令牌已过期

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Refresh Token expired",
    "detail": {
      "errorcode": "keymanagement.service.refresh_token_expired"
    }
  }
}

客户端 ID 无效

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Invalid Client Id",
    "detail": {
      "errorcode": "keymanagement.service.invalid_client-invalid_client_id"
    }
  }
}

授权代码无效

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Invalid Authorization Code",
    "detail": {
      "errorcode": "keymanagement.service.invalid_request-authorization_code_invalid"
    }
  }
}

授权代码已过期

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Authorization Code expired",
    "detail": {
      "errorcode": "keymanagement.service.authorization_code_expired"
    }
  }
}

设置 OAuth V2 信息

访问令牌无效

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Invalid Access Token",
    "detail": {
      "errorcode": "keymanagement.service.invalid_access_token"
    }
  }
}

访问令牌已过期

HTTP/1.1 404 Not Found
{
  "fault": {
    "faultstring": "Access Token expired",
    "detail": {
      "errorcode": "keymanagement.service.access_token_expired"
    }
  }
}

删除 OAuth V2 信息

成功后，此政策会返回 200 状态。

失败时，该政策会返回 404 和如下所示的输出（具体取决于您是删除访问令牌还是身份验证代码）：

HTTP/1.1 404 Not Found
Content-Type: application/json
Content-Length: 144
Connection: keep-alive

{"fault":{"faultstring":"Invalid Authorization Code","detail":{"errorcode":"keymanagement.service.invalid_request-authorization_code_invalid"}}}