Suppressing error details in responseContent

Some Authlete APIs include a responseContent parameter in their responses. The value of this parameter is expected to be used by an authorization server as response content returned to a client.

By default, the value of the responseContent parameter contains error details. For example, if you send a request to Authlete's /auth/authorization API with an empty value for the parameters parameter (which is incorrect for an authorization request), the API will generate the following response.

  • Request

% curl -s -X POST $apiUrl/auth/authorization \
-u ...:... -H 'Content-type: application/json' \
-d '{"parameters":""}'

  • Response (line breaks for readability)

[...]
"action": "BAD_REQUEST",
"responseContent":
  "{\"error_description\":
      \"[A004301] The authorization request does not contain any request parameters.\",
    \"error\":
      \"invalid_request\",
    \"error_uri\":
      \"https://docs.authlete.com/#A004301\"}",
[...]

The error_description and error_uri parameters in responseContent are Authlete's own error details. They are useful for client applications and user agents to resolve problems during system development and testing, but may not be unnecessary in production.

If you wish to suppress the output of error details, change the following settings in the "Authorization" section of the target Authlete service to "Omitted".
Item
Descripton
Default Value
Error Description
Setting for suppressing error_description 
Not omitted
Error URI
Setting for suppressing error_uri
Not omitted


image.png 103.28 KB


If both of these items are set to "omitted," the response to the request above will be as follows.

[...]
"action": "BAD_REQUEST",
"responseContent": "{\"error\":\"invalid_request\"}",
[...]
How did we do with this article?