Artificial Intelligence Corporate Risk

Error Responses

If the token request is invalid, or the authorization code has expired or has already been used, the token endpoint returns an error instead of an access token. Error responses carry an HTTP status code (such as 400 or 401) together with an HTTP reason phrase.

  1. For example, if a required parameter (e.g. client_id) is missing:

    HTTP/1.1 400 Bad Request
    Content-Type: text/plain; charset=utf-8
    Date: Thu, 27 Mar 2025 18:58:24 GMT
    Server: Kestrel
    Set-Cookie: ARRAffinity=SOME_VALUE;Path=/;HttpOnly;Secure;Domain=demo.aicrisk.com, ARRAffinitySameSite=SOME_OTHER_VALUE;Path=/;HttpOnly;SameSite=None;Secure;Domain=demo.aicrisk.com
    Transfer-Encoding: chunked
    Strict-Transport-Security: max-age=2592000
    Request-Context: appId=SOME_APP_ID
    
    Invalid client_id
  2. Or if the provided code is not valid (e.g., already used or expired):

    HTTP/1.1 400 Bad Request
    Content-Type: text/plain; charset=utf-8
    Date: Thu, 27 Mar 2025 19:17:38 GMT
    Server: Kestrel
    Set-Cookie: ARRAffinity=SOME_VALUE;Path=/;HttpOnly;Secure;Domain=demo.aicrisk.com, ARRAffinitySameSite=SOME_VALUE;Path=/;HttpOnly;SameSite=None;Secure;Domain=demo.aicrisk.com
    Transfer-Encoding: chunked
    Strict-Transport-Security: max-age=2592000
    Request-Context: appId=cid-v1:SOME_APP
    
    Invalid Code
  3. Or if the provided Client ID is not valid (full HTTP response):

    HTTP/1.1 401 Unauthorized
    Content-Type: application/problem+json; charset=utf-8
    Date: Thu, 27 Mar 2025 19:09:27 GMT
    Server: Kestrel
    Set-Cookie: ARRAffinity=SOME_VALUE;Path=/;HttpOnly;Secure;Domain=demo.aicrisk.com, ARRAffinitySameSite=SOME_VALUE;Path=/;HttpOnly;SameSite=None;Secure;Domain=demo.aicrisk.com
    Transfer-Encoding: chunked
    Strict-Transport-Security: max-age=2592000
    Request-Context: appId=SOME_APP
    
    {
        "type": "https://tools.ietf.org/html/rfc9110#section-15.5.2",
        "title": "Unauthorized",
        "status": 401,
        "traceId": "00-de61877dd04ebafff7c1676b5b6e9532-5debd224217a8b45-00"
    }

    Response content as JSON (example):

    import requests

    resp = requests.post(OAUTH_TOKEN_ENDPOINT, data=data)
    # The status is 401, but the body is still JSON-decodable
    print(resp.json())
    {
        "type":"https://tools.ietf.org/html/rfc9110#section-15.5.2",
        "title":"Unauthorized",
        "status":401,
        "traceId":"00-b7704abbc12b42d34f405553b712bac7-2885ab6a78ee25ea-00"
    }
  4. Or if the client_secret is missing:

    HTTP/1.1 400 Bad Request
    Content-Type: text/plain; charset=utf-8
    Date: Thu, 27 Mar 2025 19:03:52 GMT
    Server: Kestrel
    Set-Cookie: ARRAffinity=SOME_VALUE;Path=/;HttpOnly;Secure;Domain=demo.aicrisk.com, ARRAffinitySameSite=SOME_VALUE;Path=/;HttpOnly;SameSite=None;Secure;Domain=demo.aicrisk.com
    Transfer-Encoding: chunked
    Strict-Transport-Security: max-age=2592000
    Request-Context: appId=SOME_APP_ID
    
    Invalid client_secret
  5. Or if the client_secret is invalid:

    HTTP/1.1 401 Unauthorized
    Content-Type: application/problem+json; charset=utf-8
    Date: Thu, 27 Mar 2025 19:22:06 GMT
    Server: Kestrel
    Set-Cookie: ARRAffinity=SOME_VALUE;Path=/;HttpOnly;Secure;Domain=demo.aicrisk.com, ARRAffinitySameSite=SOME_VALUE;Path=/;HttpOnly;SameSite=None;Secure;Domain=demo.aicrisk.com
    Transfer-Encoding: chunked
    Strict-Transport-Security: max-age=2592000
    Request-Context: appId=cid-v1:SOME_APP
    
    {
        "type": "https://tools.ietf.org/html/rfc9110#section-15.5.2",
        "title": "Unauthorized",
        "status": 401,
        "traceId": "00-c6bf787605465c8897a36d5957f00fb5-fd988d1c79cd27ed-00"
    }

Each error response with JSON content includes a numeric "status_code" and a human-readable "reason". The body is non-JSON only when a required parameter is omitted entirely; when a parameter is supplied but invalid, the body is JSON-decodable. Error responses without JSON content carry only the numeric status code, the status name (e.g. "Unauthorized") and the error message (e.g. "Invalid client_secret"):

HTTP/1.1 401 Unauthorized
...
Invalid client_secret

Always check for an error response and handle it gracefully in your application (for example, in an app that talks to an AIRisk instance, prompt the user to re-authenticate when the code is no longer valid).
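As an added example (not code from the AIRisk documentation or product), the following Python shows one way to turn these token-endpoint responses into decisions a client can act on: it separates the text/plain bodies from the application/problem+json ones, falls back to the raw body when a JSON Content-Type turns out not to be JSON, and maps each error to a next step. The sample responses are constructed to match the shapes shown above (the token and traceId values are placeholders, not captured from a server), the action mapping (re-authenticate on "Invalid Code", check client credentials for client_id/client_secret problems) is this example's own assumption, and parse_requests_response assumes the attributes of a requests.Response.

```python
import json

# Constructed sample responses (status, reason phrase, Content-Type, body) modelled
# on the shapes documented above; they were not captured from a live AIRisk server.
PROBLEM_TYPE = "https://tools.ietf.org/html/rfc9110#section-15.5.2"
SAMPLE_RESPONSES = {
    "success": (200, "OK", "application/json; charset=utf-8",
                json.dumps({"access_token": "PLACEHOLDER_TOKEN", "token_type": "Bearer"})),
    "missing_client_id": (400, "Bad Request", "text/plain; charset=utf-8", "Invalid client_id\n"),
    "missing_client_secret": (400, "Bad Request", "text/plain; charset=utf-8", "Invalid client_secret"),
    "bad_code": (400, "Bad Request", "text/plain; charset=utf-8", "Invalid Code"),
    "bad_client_id": (401, "Unauthorized", "application/problem+json; charset=utf-8",
                      json.dumps({"type": PROBLEM_TYPE, "title": "Unauthorized", "status": 401,
                                  "traceId": "00-PLACEHOLDER_TRACE-00"})),
    # Edge case: the Content-Type promises JSON but the body is not decodable.
    "bad_json": (401, "Unauthorized", "application/problem+json", "<html>gateway error</html>"),
}

JSON_TYPES = {"application/json", "application/problem+json"}


class TokenRequestError(Exception):
    """Raised for any non-2xx answer from the token endpoint."""

    def __init__(self, status, reason, message, trace_id=None, action="report"):
        super().__init__(f"{status} {reason}: {message}")
        self.status = status
        self.reason = reason
        self.message = message
        self.trace_id = trace_id
        self.action = action


def recommended_action(status, message):
    """Map an error to what the client should do next (assumed policy, not AIRisk's)."""
    lowered = message.lower()
    if lowered == "invalid code":
        # A code that is no longer valid calls for the user to re-authenticate.
        return "reauthenticate"
    if status == 401 or lowered.startswith("invalid client_"):
        # A missing or wrong client_id/client_secret is a client configuration problem,
        # not something the end user can fix by signing in again.
        return "check_client_credentials"
    return "report"


def parse_token_response(status, reason, content_type, body):
    """Return the decoded token JSON on success; raise TokenRequestError otherwise."""
    if 200 <= status < 300:
        return json.loads(body)
    media_type = content_type.split(";")[0].strip().lower()
    message, trace_id = body.strip(), None
    if media_type in JSON_TYPES:
        try:
            problem = json.loads(body)
            if isinstance(problem, dict):
                # Problem-details body: "title" is the human-readable summary.
                message = str(problem.get("title", reason))
                trace_id = problem.get("traceId")
        except json.JSONDecodeError:
            pass  # keep the raw body; never trust the header alone
    raise TokenRequestError(status, reason, message, trace_id,
                            recommended_action(status, message))


def parse_requests_response(resp):
    """Adapter for a requests.Response (assumes status_code, reason, headers and text)."""
    return parse_token_response(resp.status_code, resp.reason,
                                resp.headers.get("Content-Type", ""), resp.text)


def outcome_for(name):
    """Run one constructed sample through the parser and summarise the result."""
    status, reason, content_type, body = SAMPLE_RESPONSES[name]
    try:
        return ("ok", parse_token_response(status, reason, content_type, body))
    except TokenRequestError as err:
        return ("error", err.action, err.message, err.trace_id)


if __name__ == "__main__":
    for name in SAMPLE_RESPONSES:
        print(f"{name:22} -> {outcome_for(name)}")
```

The traceId is kept on the error object so that a support ticket can quote it without exposing the rest of the exchange; the status code, not the Content-Type, decides whether the request failed, and the Content-Type only selects how the body is read.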
