Oauth error codes

    Applies to:
  • SecureAuth Identity Platform
  • Legacy SecureAuth IdP
Deployment model:
  • Hybrid
  • On Premises
  • Version Affected:  All


    This article covers the common errors returned by the various Oauth and OpenID endpoints. 



    Some errors are clear, other less so. 




    Error Error Description Endpoint Grant Type Meaning
    invalid_scope - oidctoken.aspx All you've requested a scope that doesn't exist
    invalid_request Missing Client secret oidctoken.aspx All Client secret is missing
    invalid_request Missing Client ID. oidctoken.aspx All Client ID is missing
    access_denied Request is unauthorized oidctoken.aspx All Client ID or Client Secret is wrong
    invalid_grant Missing or invalid grant_type. oidctoken.aspx All Grant_type is missing or invalid or not allowed
    server_error Unexpected error oidctoken.aspx Resource Owner (Password) the username doesn't exist
    invalid_grant - oidctoken.aspx Resource Owner (Password) user exists but the password is wrong
    Redirect URI is unsafe - oidcauthorize.aspx Code, Hybrid, Implicit Redirect URL is http or if it has not been added to the allowed uri list.
    Invalid Client_ID - oidcauthorize.aspx Code, Hybrid, Implicit client id is wrong




    SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

    Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.

    1 out of 1 found this helpful



    Please sign in to leave a comment.