Suppressing error details in responseContent

Some Authlete APIs include a responseContent parameter in their responses. The value of this parameter is expected to be used by an authorization server as response content returned to a client.

By default, the value of the responseContent parameter contains error details. For example, if you send a request to Authlete’s /auth/authorization API with an empty value for the parameters parameter (which is incorrect for an authorization request), the API will generate the following response.

  • Request
% curl -s -X POST $apiUrl/auth/authorization \
-u ...:... \
-H 'Content-type: application/json' \
-d '{"parameters":""}'
  • Response (line breaks for readability)
[...]
"action": "BAD_REQUEST",
"responseContent":
  "{\"error_description\":
      \"[A004301] The authorization request does not contain any request parameters.\",
    \"error\":
      \"invalid_request\",
    \"error_uri\":
      \"https://docs.authlete.com/#A004301\"}",
[...]

The error_description and error_uri parameters in responseContent are Authlete’s own error details. They help client applications and user agents resolve problems during system development and testing, but may be unnecessary in production.

If you wish to suppress the output of error details, change the following settings in the “Authorization” section of the target Authlete service to “Omitted”.

| Item | Description | Default Value |
| --- | --- | --- |
| Error Description | Setting for suppressing error_description | Not omitted |
| Error URI | Setting for suppressing error_uri | Not omitted |

If both of these items are set to “Omitted”, the response to the request above will be as follows.

[...]
"action": "BAD_REQUEST",
"responseContent": "{\"error\":\"invalid_request\"}",
[...]
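
To confirm that a service no longer returns error details to clients, the API response can be checked for the two fields. The following is an added example, not Authlete's own code: the function name and the sample inputs are constructed for illustration, and the handling of non-JSON responseContent as a redirect URL is an assumption not stated on this page.

```python
import json
from urllib.parse import parse_qs, urlsplit

# The two detail fields the page describes as Authlete's own error details.
DETAIL_FIELDS = ("error_description", "error_uri")


def leaked_error_details(api_response: str) -> list:
    """Return the detail fields still present in an API response's responseContent."""
    content = json.loads(api_response).get("responseContent")
    if not isinstance(content, str) or not content:
        return []
    try:
        # responseContent is itself a JSON document encoded as a string.
        inner = json.loads(content)
    except json.JSONDecodeError:
        inner = None
    if isinstance(inner, dict):
        present = set(inner)
    else:
        # Assumption (not stated on the page): content that is not JSON may be
        # a redirect URL carrying the same parameters in its query or fragment.
        try:
            parts = urlsplit(content)
            present = set(parse_qs(parts.query)) | set(parse_qs(parts.fragment))
        except ValueError:
            present = set()
    return [name for name in DETAIL_FIELDS if name in present]


# Constructed samples: the page's two responses reduced to the fields shown.
DEFAULT_RESPONSE = json.dumps({
    "action": "BAD_REQUEST",
    "responseContent": json.dumps({
        "error_description": "[A004301] The authorization request does not "
                             "contain any request parameters.",
        "error": "invalid_request",
        "error_uri": "https://docs.authlete.com/#A004301",
    }),
})
OMITTED_RESPONSE = json.dumps({
    "action": "BAD_REQUEST",
    "responseContent": json.dumps({"error": "invalid_request"}),
})

if __name__ == "__main__":
    for label, raw in (("default", DEFAULT_RESPONSE), ("omitted", OMITTED_RESPONSE)):
        print(label, leaked_error_details(raw))
```

An empty list for a production service means both settings have taken effect; the same function can run in an integration test against the raw API response body.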