Authentication Service Error Codes
Auth Service Error Codes is a collection of error codes that are associated with an authentication service. These error codes are used to indicate specific issues or problems that may occur during the authentication process.
For any error code not documented here, please reach out to our support team and share the message and URL with us. We will immediately help investigate why this issue occured for you.
What does Error Code xxx mean?
cidaas returns error status codes on different occasion. To find about the Authentication service related errors, you can navigate to the Authentication Service Error Code Page and lookup your retrieved error code. There you will also find useful hints how to solve them.
For example:
If you encounter this error code (AUTH10001) in your application, you should follow the hint provided.
The following table represents the Authentication service error codes that will help you in identifying and troubleshooting various errors or failures.
| code | error | error_description | hint |
|---|---|---|---|
| AUTH10001 | invalid_request | invalid_request: request is missing a required parameter, client_id is missing | client_id is a required parameter that you need to pass in query |
| AUTH10002 | invalid_request | invalid_request: request is missing a required parameter, response_type is missing | response_type is a required parameter that you need to pass in query. possible values are code, token id_token |
| AUTH10003 | invalid_request | invalid_request: error parsing request parameters | please check the query/form parameters you are passing are in correct format |
| AUTH10007 | invalid_client | invalid_client: invalid client_id passed | please check if you passing correct client_id |
| AUTH10008 | invalid_request | invalid_request: invalid redirect_uri | please check if you passing correct redirect_uri |
| AUTH10009 | invalid_request | invalid_request: given url is not allowed by the application configuration | please check if you passing correct redirect_uri, and it is present in app settings |
| AUTH10010 | invalid_request | invalid_request: redirect_uri is missing | redirect_uri is mandatory |
| AUTH10011 | unauthorized_client | unauthorized_client: client_type NON_INTERACTIVE is not supported | please any client other than NON_INTERACTIVE |
| AUTH10012 | invalid_request | invalid_request: invalid ui_locales passed | please check ui_locales parameter, it must be a valid locale string |
| AUTH10013 | unsupported_response_type | unsupported_response_type: un supported response type | response_type must be one of these. code, token, id_token, device_code |
| AUTH10014 | unsupported_grant_type | unsupported_grant_type: token or id_token needs implicit grant_type enabled in application level | when using token or id_token response_type, please make sure app settings has implicit grant_type enabled |
| AUTH10015 | unsupported_grant_type | unsupported_grant_type: code needs authorization_code grant_type enabled in application level | when using code response_type, please make sure app settings has authorization_code grant_type enabled |
| AUTH10016 | invalid_request | invalid_request: unsupported response_mode, possible values are form_post web_message fragment query | only these response_mode are supported. form_post web_message fragment query |
| AUTH10017 | invalid_request | invalid_request: nonce required for response_type id_token or token | when using openid scope and token or id_token response_type, you must provide nonce parameter |
| AUTH10018 | access_denied | access_denied: view_type register not allowed for this application, application needs cidaas:register or cidaas:invite scope | for registration request make sure app has cidaas:register or cidaas:invite scopes added |
| AUTH10021 | invalid_request | invalid_request: invalid code_challenge_method passed, allowed methods plain and S256 | |
| AUTH10022 | invalid_request | invalid_request: invalid invite_id passed | check if invite_id is correct |
| AUTH10023 | invalid_request | invalid_request: error while parsing the claims request parameter | please make sure claims parameter is a valid json string |
| AUTH10024 | invalid_request | invalid_request: userinfo or id_token required in claims parameter | please make sure to pass alteast one of userinfo or id_token claim |
| AUTH10025 | invalid_request | invalid_request: invalid prompt type passed, allowed prompt types none login consent account_selection | please pass correct prompt values. none, login, consent, account_selection |
| AUTH10026 | invalid_request | invalid_request: prompt type none cannot be passed with other prompt types | when passing none prompt, please don't include any other prompt values |
| AUTH10033 | invalid_request | invalid_request: found script tags | do not include script tags < or > in request |
| AUTH10034 | invalid_request | invalid_request: invalid max_age value passed | the max_age parameter must be a positive integer |
| AUTH10036 | invalid_session | invalid_session: expired | please share the error code and we will get back to you |
| AUTH10038 | invalid_request | invalid_request: missing requestId | you must pass requestId in query parameter |
| AUTH10039 | invalid_request | invalid_request: missing auth request | please check requestId, either requestId is not valid or data corresponding to this requestId is missing from the system |
| AUTH10041 | invalid_request | invalid_request: web_message_target is required when web_message_uri used | when passing web_message_uri, make sure to pass the web_message_target param as well |
| AUTH10042 | invalid_request | invalid_request: invalid web_message_uri passed | the web_message_uri is not a correct url |
| AUTH10043 | invalid_request | invalid_request: redirect_uri or web_message_uri origin not added in the allowed web origins in the app | the web_message_uri origin has to be configured in app's allowed web origins |
| AUTH10044 | login_required | login_required: not able to find valid session | make sure the id_token is valid when passing id_token_hint |
| AUTH10045 | internal_error | internal_error: internal server error | please share the error code and we will get back to you |
| AUTH10046 | invalid_request | invalid_request: invalid accept-language header passed | please share the error code and we will get back to you |
| AUTH10047 | unauthorized_client | unauthorized_client: Only DEVICE client_type is supported | please use DEVICE client only |
| AUTH10048 | invalid_request | invalid_request: code_challenge_method passed is not allowed by the application configuration | Please verify that the code_challenge_method matches the methods enabled in your app settings |
| AUTH10050 | invalid_request | request_uri is invalid | please provide a valid request_uri |
| AUTH10051 | invalid_request | request_uri is already expired | please regenerate the request_uri |
| AUTH10052 | invalid_request | request_uri already consumed | please regenerate the request_uri |
| AUTH10053 | unauthorized_client | par is not enabled for this tenant | please enable par for the tenant |
| AUTH10055 | invalid_request | client credentials missing | please provide the required client credentials |
| AUTH10056 | invalid_request | non-par request provided to par-only client | please provide a valid request_uri |
| AUTH10057 | invalid_request | PAR request cannot contain a request_uri itself | remove request_uri from the request |
| AUTH10058 | invalid_request | PAR request client_id doesnt match with the auth client_id | provide valid client_id |
| AUTH10059 | internal_error | internal_error: internal server error | please share the error code and we will get back to you |
| AUTH10060 | invalid_client | client authentication failed | please use a valid client |
| AUTH10061 | invalid_request | invalid_request: invalid request parameters | make sure the parameters for state and nonce are valid. By checking the logs you will see the reason |
| AUTH10062 | invalid_request | invalid_request: failed to parse redirect_uri | check the redirect_uri passed in the request |
| AUTH10063 | invalid_request | non-pkce request provided to pkce-only client | please use a valid request for PKCE |
| AUTH10064 | invalid_request | non-dpop request made to dpop enforced client | provide a valid jkt |
| AUTH10065 | invalid_request | DPoP feature is not enabled but the app requires DPoP-bound tokens | Please enable DPoP feature as it is required to issue DPoP-bound tokens for this app |
| AUTH10066 | invalid_request | DPoP proof is required but missing | Please pass valid DPoP proof in the request header, since app requires DPoP-bound tokens |
| AUTH10067 | invalid_dpop_proof | DPoP validation failed | Please pass valid DPoP proof in the request header |
| AUTH10068 | invalid_request | DPoP header is ignored since DPoP feature is not enabled | please enable dpop to ensure dPoP header is respected |
| AUTH10069 | invalid_request | invalid DPoP key binding | please match the public key in the dPoP header with the bound key |
| AUTH10070 | access_denied | access_denied: You do not have permission to access this application | |
| AUTH10071 | interaction_required | interaction_required: User interaction is required to complete the request | |
| AUTH10072 | invalid_request | Invalid id_token_hint | Please ensure that the id_token_hint is correct provided in the authorization request |
| AUTH10073 | invalid_request | id_token_hint is encrypted which is not supported | Please ensure that the id_token_hint is not encrypted |
Need Support?
Please contact us directly on our support page