OAuth 2.0 Errors

Refer to the following error codes and explanations when troubleshooting OAuth 2.0 errors:

400 Errors

A 400 Error indicates that a request is invalid. You omitted a required parameter or Yahoo couldn’t make sense of a parameter you supplied.

Table 6 400 Errors
Error Description
UNSUPPORTED_OVER_HTTP OAuth 2.0 only supports calls over HTTPS.
VERSION_REJECTED An unsupported version of OAuth was supplied.
PARAMETER_ABSENT A required parameter is missing from the request.
PARAMETER_REJECTED A provided parameter is too long.
INVALID_CLIENT An invalid Client ID was provided.
INVALID_REQUEST An invalid request parameter was provided.
UNSUPPORTED_RESPONSE_TYPE The provided response_type is supported for this request. You may have provided a response type that doesn’t match the request.
UNSUPPORTED_GRANT_TYPE The provided grant_type is not supported. You may have provided a grant type that doesn’t match the request.
INVALID_REDIRECT_URI The provided redirect_URI does not match the one provided with the original authorization request.
UNSUPPORTED_REDIRECT_URI The provided redirect_URI is not supported for this request type.
INVALID_PARAM A provided request parameter is invalid.
INVALID_REFRESH_TOKEN The provided refresh token is invalid.

401 Errors

A 401 error indicates that the authorization information for a request is absent or invalid.

Table 7 401 Errors
Error Description
TOKEN_EXPIRED The provided refresh token has expired.
INVALID_CALLBACK The redirect_uri provided with this request uses an unsupported port or does not match the Client ID (Consumer Key).
UNDERAGE_USER The user who must authorize access is a minor and cannot authorize access.
INVALID_CLIENT_SECRET An invalid Client Secret was provided.
INVALID_GRANT An invalid or expired token was provided.

403 Errors

A 403 error indicates that request is forbidden.

Table 8 403 Errors
Error Description
ACCOUNT_NOT_AUTHORIZED The user has not authorized requesting Client ID (Consumer Key).

Authorization Errors

The following errors presented on the browser when user authorizes the app.