On this page:

28.4Oauth2 Exceptions

 

The OAuth2Exceptions API can be used to create exceptions within JavaScript code within an OAuth2 context, e.g. within a Smart on FHIR Outbound onPostAuthorize callback.

28.4.1Method: OAuth2Exceptions.newUnauthorizedException(theMessage)

 

Creates an UnauthorizedException.

Inputs:

  • theMessage – The error message

Outputs:

  • Returns an exception that can be thrown

Example:

throw OAuth2Exceptions.newUnauthorizedException('Account not processed yet, please try again tomorrow.');

This will return an HTTP 401 status code with the following response:

{
  "error": "unauthorized",
  "error_description": "Account not processed yet, please try again tomorrow."
}

28.4.2Method: OAuth2Exceptions.newForbiddenException(theMessage)

 

Creates a ForbiddenException.

Inputs:

  • theMessage – The error message

Outputs:

  • Returns an exception that can be thrown

Example:

throw OAuth2Exceptions.newForbiddenException('Account not fully configured yet, please wait an hour and try again.');

This will return an HTTP 403 status code with the following response:

{
  "error": "access_denied",
  "error_description": "Account not fully configured yet, please wait an hour and try again."
}