OIDC error codes

10Duke Enterprise can return the following error codes to client applications that call the OAuth 2.0/OpenID Connect (OIDC) authorization and access token endpoints.

Error codes for authorization endpoint

| Error code | Description |
| --- | --- |
| access_denied | Access to the requested resource was denied. |
| invalid_client_configuration | A client configuration was found by the given client ID, but the configuration is invalid. |
| invalid_request | The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed. |
| invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |
| server_error | The authorization server encountered an unexpected condition that prevented it from fulfilling the request. |
| temporarily_unavailable | The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server. |
| unauthorized_client | The client is not authorized to request an authorization code using this method. |
| unsupported_response_type | The authorization server doesn’t support obtaining an authorization code using this method. |

Error codes for access token endpoint

| Error code | Description |
| --- | --- |
| client_authentication_attempts_restricted | The client has sent too many failed authentication attempts or too many failed token refresh requests. The response field waitSeconds specifies the number of seconds that the client must wait before trying again. |
| invalid_client | Client authentication failed, for example, because the client is unknown, no client authentication was included, or the authentication method is not supported. The authorization server may return an HTTP 401 (Unauthorized) status code to indicate which HTTP authentication schemes are supported. |
| invalid_client_configuration | A client configuration was found by the given client ID, but the configuration is invalid. |
| invalid_grant | The provided authorization grant (such as the authorization code or the resource owner credentials) or the refresh token is invalid, expired, or revoked, or doesn’t match the redirection URI used in the authorization request, or was issued to another client. |
| invalid_request | The request is missing a required parameter, includes an unsupported parameter value (other than the grant type), includes a parameter more than once, or is otherwise malformed. |
| invalid_scope | The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner. |
| unauthorized_client | The client is not authorized to request an authorization code using this method. |
| unsupported_grant_type | The authorization grant type is not supported by the authorization server. |
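The following added example (not 10Duke code) shows one way a client can honor client_authentication_attempts_restricted and stop retrying after invalid_grant, so that it does not keep adding failed attempts. It assumes the error response is a JSON object with the standard OAuth 2.0 `error` member and that waitSeconds is a top-level integer member of the same object; `parse_token_error`, `TokenRequestGate`, `DEFAULT_WAIT` and `MAX_WAIT` are hypothetical names and local policy values.

```python
import json

THROTTLED = "client_authentication_attempts_restricted"
DEFAULT_WAIT = 60   # assumption: used when waitSeconds is missing or unusable
MAX_WAIT = 3600     # assumption: local cap on how long the client will pause


def parse_token_error(body):
    """Return (error_code, wait_seconds); wait_seconds is set only when throttled."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None, None          # proxy error page, truncated body, etc.
    if not isinstance(doc, dict) or not isinstance(doc.get("error"), str):
        return None, None
    code = doc["error"]
    if code != THROTTLED:
        return code, None
    wait = doc.get("waitSeconds")
    # bool is a subclass of int in Python, so reject it explicitly.
    if isinstance(wait, bool) or not isinstance(wait, int) or wait < 0:
        wait = DEFAULT_WAIT
    return code, min(wait, MAX_WAIT)


class TokenRequestGate:
    """Tracks whether the client may send another refresh request."""

    def __init__(self):
        self.not_before = 0.0      # earliest time the next request is allowed
        self.needs_login = False   # stored grant is unusable; caller resets after login

    def record_failure(self, body, now):
        code, wait = parse_token_error(body)
        if wait is not None:
            # Server asked the client to back off: hold all requests until then.
            self.not_before = max(self.not_before, now + wait)
        elif code == "invalid_grant":
            # Grant or refresh token is invalid, expired or revoked: resending
            # it only adds failed attempts, so require a new authorization.
            self.needs_login = True
        return code

    def may_refresh(self, now):
        return now >= self.not_before and not self.needs_login
```

Call `may_refresh(time.time())` before every refresh request and `record_failure(response_body, time.time())` after every error response.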