IG 2023.4


When an OAuth 2.0 authorization operation fails, the error and error description provided by the authorization service are injected into this context for use downstream.

For example, when the OAuth2TokenExchangeFilter fails to exchange a token, it injects the error and description into this context. The context is passed into calls to the failureHandler in the OAuth2TokenExchangeFilter.

This context supports OAuth 2.0 error messages in the format given by RFC 6749.


The context is named OAuth2Failure, and is accessible at ${contexts.oauth2failure}. The context has the following properties:

"error": java.lang.String

The error field name.

"description": java.lang.String

Error description field name.

"exception": org.forgerock.openig.filter.oauth2.client.OAuth2ErrorException

The OAuth 2.0 exception associated with the token exchange error.

Copyright © 2010-2023 ForgeRock, all rights reserved.