# `AshAuthentication.Phoenix.Oauth2Server.Errors`
[🔗](https://github.com/team-alembic/ash_authentication_oauth2_server/blob/v0.1.0/lib/ash_authentication_phoenix/oauth2_server/errors.ex#L5)

HTTP error response helpers for OAuth 2.1 / RFC 7591.

# `describe_token_error`

```elixir
@spec describe_token_error(atom()) :: {pos_integer(), String.t(), String.t()}
```

Translate a `:reason` atom returned from a core module into an
`{http_status, error_code, description}` triple suitable for an OAuth
error response.

# `send_bearer_error`

```elixir
@spec send_bearer_error(Plug.Conn.t(), pos_integer(), String.t(), String.t() | nil) ::
  Plug.Conn.t()
```

Send a Bearer-auth error per RFC 6750 §3 — JSON body + a
`WWW-Authenticate: Bearer error="…", error_description="…"` header.

Used for failures of Bearer-authenticated endpoints (e.g. RFC 7591
initial-access-token failures on `/oauth/register`).

# `send_dcr_error`

Send a 400 with an RFC 7591 DCR-shaped error.

Codes: `"invalid_redirect_uri"`, `"invalid_client_metadata"`.

# `send_oauth_error`

```elixir
@spec send_oauth_error(Plug.Conn.t(), pos_integer(), String.t(), String.t() | nil) ::
  Plug.Conn.t()
```

Send a JSON error per OAuth 2.0 / RFC 6749 §5.2.

Codes: `"invalid_request"`, `"invalid_client"`, `"invalid_grant"`,
`"unsupported_grant_type"`, `"invalid_scope"`, etc.

---

*Consult [api-reference.md](api-reference.md) for complete listing*