Skip to content

OAuth2ServerException

Raxos\OAuth2\Server\Error\OAuth2ServerException

The abstract base for every OAuth2 error response. It extends the base Exception from error and carries an HTTP status code alongside the OAuth2 error code and description.

Signature

php
abstract class OAuth2ServerException extends Exception
{
    public function __construct(
        public readonly HttpResponseCode $responseCode,
        string $error,
        string $errorDescription,
        ?Throwable $previous = null
    );
}

__construct(HttpResponseCode $responseCode, string $error, string $errorDescription, ?Throwable $previous = null)

Creates the exception with its HTTP status, OAuth2 error code and description. Concrete subclasses call this with a fixed status and error code.

Concrete exceptions

Every exception below lives in Raxos\OAuth2\Server\Error.

ExceptionHTTP statusOAuth2 error codeMessage
InvalidRequestException400invalid_requestOptional; defaults to a standard description.
InvalidClientException401invalid_clientOptional; defaults to a standard description.
InvalidGrantException400invalid_grantRequired.
InvalidScopeException400invalid_scopeRequired.
InvalidTokenException401invalid_tokenOptional; defaults to a standard description.
RedirectUriMismatchException400redirect_uri_mismatchOptional; defaults to a standard description.
UnsupportedGrantTypeException400unsupported_grant_typeOptional; defaults to a standard description.
InsufficientClientScopeException403insufficient_client_scopeOptional; defaults to a standard description.

Example

php
<?php
declare(strict_types=1);

use Raxos\OAuth2\Server\Error\{InvalidGrantException, InvalidRequestException};

// Fixed message, required argument.
throw new InvalidGrantException('The authorization code has expired.');

// Default message, no argument.
throw new InvalidRequestException();

See Error handling for how these exceptions become JSON error responses.