Suppressing error details in responseContent

Suppressing Error Details

Some Authlete APIs include a responseContent parameter in their responses. This parameter is designed to be used by an authorization server as the response content sent back to a client.

By default, the responseContent parameter contains error details. For instance, if you send a request to Authlete’s /auth/authorization API with an empty value for the parameters parameter (which is invalid for an authorization request), the API will return the following response:

Sample Request

curl -s -X POST "$apiUrl/auth/authorization" \
-H "Authorization: Bearer ${SERVICE_ACCESS_TOKEN}" \
-H 'Content-Type: application/json' \
-d '{"parameters":""}'

Sample Response

[...]
"action": "BAD_REQUEST",
"responseContent":
  "{\"error_description\":
      \"[A004301] The authorization request does not contain any request parameters.\",
    \"error\":
      \"invalid_request\",
    \"error_uri\":
      \"https://docs.authlete.com/#A004301\"}",
[...]

The error_description and error_uri parameters in responseContent are Authlete’s own error details. They are useful for client applications and user agents to resolve problems during development and testing, but may be unnecessary in production.

For production deployment, Authlete recommends disabling both the Include Error Description and Include Error URI settings to suppress detailed error output.

Authlete Configuration

To suppress error details, update the following settings in the “Error Details” section of the target Authlete service:

  1. Navigate to Service Settings > Endpoints > Global Settings.
  2. Scroll down to the Error Details section.
  3. Toggle Include Error Description and Include Error URI to the “off” position.

If both settings are “off”, the response to the request mentioned above will appear as follows:

[...]
"action": "BAD_REQUEST",
"responseContent": "{\"error\":\"invalid_request\"}",
[...]
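
To confirm the change took effect, the authorization server or a deployment test can decode responseContent and look for the two detail fields. The following is an added example, not Authlete's own code: the function names are hypothetical, the sample responses are constructed from the two shown above, and strip_detail_fields is an optional extra filter applied before relaying the content to the client.

```python
import json

# The two Authlete-specific fields the page says to suppress in production.
DETAIL_FIELDS = ("error_description", "error_uri")


def _decode(content):
    """Decode a responseContent string; None if it is not a JSON object."""
    if not isinstance(content, str):
        return None
    try:
        inner = json.loads(content)
    except json.JSONDecodeError:
        return None
    return inner if isinstance(inner, dict) else None


def leaked_detail_fields(api_response: str) -> list:
    """Return the detail fields still present in an API response's responseContent.

    responseContent is JSON serialized into a string inside the outer JSON,
    so it must be decoded a second time before it can be inspected.
    """
    inner = _decode(json.loads(api_response).get("responseContent"))
    return [f for f in DETAIL_FIELDS if inner and f in inner]


def strip_detail_fields(response_content: str) -> str:
    """Drop the detail fields before relaying; non-JSON content passes through."""
    inner = _decode(response_content)
    if inner is None:
        return response_content
    kept = {k: v for k, v in inner.items() if k not in DETAIL_FIELDS}
    return json.dumps(kept, separators=(",", ":"))


# Constructed samples modelled on the two responses shown above
# (only "action" and "responseContent" are included).
VERBOSE = json.dumps({"action": "BAD_REQUEST", "responseContent": json.dumps({
    "error_description": "[A004301] The authorization request does not contain any request parameters.",
    "error": "invalid_request",
    "error_uri": "https://docs.authlete.com/#A004301"})})
SUPPRESSED = json.dumps({"action": "BAD_REQUEST",
                         "responseContent": '{"error":"invalid_request"}'})

if __name__ == "__main__":
    for name, sample in (("verbose", VERBOSE), ("suppressed", SUPPRESSED)):
        print(name, leaked_detail_fields(sample))
```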