Authorization Code Grant Flow Errors:
For information about errors that may occur during the OAuth 2.0 flow for NetSuite as OIDC provider, see the following topics:
1. Authorization Errors in Step One:
The following table lists errors that may occur in Step One of the OAuth 2.0 authorization code grant flow. Error requests are sent to the redirect URI with a specific error value, and should be handled by the application.
The redirect parameter is error.
| Error Value | Error Description | Resolution |
|---|---|---|
| invalid_request | One or more required parameters are missing. Important: The redirect does not take place if the redirect URI in the GET request does not match the value in the Redirect URI field in the corresponding integration record. Only the error message should be displayed. | Ensure that none of the parameters is missing in the request in Step One. |
| unauthorized_client | The redirect does not take place if the client is unknown to the authorization server. Only the error message should be displayed. | Ensure that you use the correct values of the client ID and client secret for the corresponding integration record. |
| access_denied | A user clicks the Deny or Back button on the consent screen and interrupts the flow. | The user must click Allow or Continue to give the application consent. |
| unsupported_response_type | The response type cannot be handled. | Ensure that the response type value is correct. |
| invalid_scope | The scope cannot be handled. The scope value is malformed, unknown, or invalid. | Ensure that the scope value is in the correct format. |
2. Response Errors in Step Two and in the Refresh Token Response:
The following table lists errors that may occur in Step Two of the OAuth 2.0 authorization code grant flow and in the response to the refresh token request. The JSON format for the response is:
{ "error": "<error_value>" }
| Error Value | Error Description | Resolution |
|---|---|---|
| invalid_request | Any of the following conditions may cause the invalid_request error to occur: One or more required parameters are missing or malformed. The grant_type value is incorrect. Multiple client authentication approaches are used. Any other type of a malformed request is sent. The HTTP status code is 400 Bad Request. | Ensure that your request is valid and in the correct format. |
| invalid_client | Authentication of the client fails. The HTTP status code is 401 Unauthorized. The response header is set to: Basic realm=<accountID>. Following is an example of the response header: HTTP/1.1 401 Unauthorized<br>WWW-Authenticate: Basic realm="123456" | Ensure that you use the correct values of the client ID and client secret for the corresponding integration record. |
| invalid_grant | Any of the following conditions may cause the invalid_grant error to occur: The authorization code is invalid, expired, or revoked. The refresh token is invalid, expired, or revoked. Important: In case the refresh token is expired, the application must go back to Step One of the OAuth 2.0 authorization code grant flow to restart the process. The redirect URI does not match the redirect URI in the authorization request. The authorization code or refresh token cannot be associated with the client. The code_verifier parameter on Step Two does not match the code_verifier parameter in Step One. The HTTP status code is 400 Bad Request. | Ensure that the values of all parameters are correct and match the values from Step One of the flow. |
| unauthorized_client | The value of the authorization grant_type is not allowed for the client. | Ensure that you use the correct values of the client ID and client secret for the corresponding integration record. |
| unsupported_grant_type | The value of the grant_type parameter is neither authorization_code nor refresh_token. The HTTP status code is 400 Bad Request. | Ensure that the value of the grant_type parameter is authorization_code or refresh_token. |
| invalid_scope | The scope cannot be handled. The scope value is malformed, unknown, or invalid. The HTTP status code is 400 Bad Request. | Ensure that the scope value is in the correct format. |
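
One way a client application can handle the errors in both tables, shown as an added example (this is not NetSuite code). The function names, the returned action strings, and the app.example callback URL are hypothetical. Error values and status codes that do not match the tables are rejected rather than acted on.

```python
import json
from urllib.parse import parse_qs, urlsplit

# Error values and HTTP status codes copied from the two tables above.
STEP_ONE_ERRORS = {"invalid_request", "unauthorized_client", "access_denied",
                   "unsupported_response_type", "invalid_scope"}
TOKEN_ERRORS = {"invalid_request": 400, "invalid_client": 401,
                "invalid_grant": 400, "unsupported_grant_type": 400,
                "invalid_scope": 400,
                "unauthorized_client": None}  # no status code listed in the table


def step_one_error(redirect_url):
    """Return the Step One error value from a redirect, or None if there is none."""
    values = parse_qs(urlsplit(redirect_url).query).get("error")
    if not values:
        return None
    # Anyone can craft a redirect: pass on only the documented values.
    return values[0] if values[0] in STEP_ONE_ERRORS else "unrecognized_error"


def token_error_action(status, headers, body, grant_type):
    """Pick the next action for a Step Two or refresh token error response."""
    try:
        error = json.loads(body)["error"]
    except (ValueError, KeyError, TypeError):
        return "fail_closed"  # not the documented {"error": "<error_value>"} object
    if not isinstance(error, str) or error not in TOKEN_ERRORS:
        return "fail_closed"
    expected = TOKEN_ERRORS[error]
    if expected is not None and expected != status:
        return "fail_closed"  # status code and error value disagree
    if error in ("invalid_client", "unauthorized_client"):
        if error == "invalid_client":
            challenge = {k.lower(): v for k, v in headers.items()}.get("www-authenticate", "")
            if not challenge.startswith("Basic realm="):
                return "fail_closed"  # 401 without the documented header
        return "check_client_credentials"
    if error == "invalid_grant" and grant_type == "refresh_token":
        return "discard_tokens_and_restart_step_one"
    return "fix_request"  # values must match Step One; do not retry unchanged


if __name__ == "__main__":
    # Constructed sample inputs; account ID 123456 is the page's own example.
    print(step_one_error("https://app.example/callback?error=access_denied&state=xyz"))
    print(token_error_action(401, {"WWW-Authenticate": 'Basic realm="123456"'},
                             '{"error": "invalid_client"}', "authorization_code"))
    print(token_error_action(400, {}, '{"error": "invalid_grant"}', "refresh_token"))
```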