Common Auth Error Responses

Learn about the common error responses that can be seen during the authentication process

Authorization Request Errors

If you make an invalid request to the authorization endpoint, you will come across a screen as shown below.

Authorization Request Error Screen

Some of the error text that is shown under the red warning text is given below:

invalid_client

Reason: Invalid client_id or invalid redirect_uri

Solution: Make sure your client_id and redirect_uri exactly match the values obtained when Registering a Client.

unsupported_grant_type

Reason: Invalid/Missing response_type

Solution: Make sure that response_type is set to code as detailed here. OrangeHRM Starter 5.5 only supports the authorization code grant type.

invalid_request

Reason: This could be due to one of the other parameters being invalid or missing

Solution: Please refer to the guide here and ensure that all your parameters are set accordingly.

Token Request Errors

When you make an invalid request to the token endpoint, you will receive a response like the following:

{
    "error": "invalid_request",
    "error_description": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.",
    "hint": "Authorization code has expired",
    "message": "The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed."
}

You can check the hint field to determine the cause of the error. Some of the hints are listed below.

Authorization code has expired

Reason: The authorization code expires within 5 minutes after you receive the authorization response.

Solution: Make another authorization request and obtain a new authorization code. Then make the token request within 5 minutes of receiving it.

Failed to verify code_verifier

Reason: The code_verifier does not match the previously sent code_challenge

Solution: Make sure you send the correct values for the code_verifier and code_challenge as detailed in Generating a Code Verifier. If you are using the plain method, the two values should be equal. If you are using the S256 method, the code_challenge should be equal to base64urlencode(sha256(code_verifier)). Check out this link for an example.
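The S256 relationship above, as an added example that is not OrangeHRM's own code: it derives a code_challenge from a code_verifier and reports which common encoding slip explains a mismatch. The function names are hypothetical, and the sample pair is the test vector from RFC 7636 Appendix B.

```python
import base64
import hashlib
import secrets


def b64url(data: bytes, pad: bool = False) -> str:
    out = base64.urlsafe_b64encode(data).decode("ascii")
    return out if pad else out.rstrip("=")


def make_code_verifier() -> str:
    # 32 random bytes -> 43 URL-safe characters, the minimum length RFC 7636 allows.
    return b64url(secrets.token_bytes(32))


def s256_challenge(code_verifier: str) -> str:
    # base64urlencode(sha256(code_verifier)): hash the ASCII verifier,
    # encode the raw digest bytes, and drop the '=' padding.
    return b64url(hashlib.sha256(code_verifier.encode("ascii")).digest())


def diagnose(code_verifier: str, code_challenge: str, method: str = "S256") -> str:
    """Say whether the pair would verify and, if not, which common slip explains it."""
    if method == "plain":
        return "ok" if code_verifier == code_challenge else "plain: values differ"
    raw = hashlib.sha256(code_verifier.encode("ascii")).digest()
    if code_challenge == b64url(raw):
        return "ok"
    slips = [
        (b64url(raw, pad=True), "'=' padding not stripped"),
        (base64.b64encode(raw).decode("ascii"), "standard base64 instead of base64url"),
        (raw.hex(), "hex digest sent instead of base64url"),
        (b64url(raw.hex().encode("ascii")), "hex string encoded instead of raw digest bytes"),
        (code_verifier, "verifier sent unchanged while method is S256"),
    ]
    for candidate, reason in slips:
        if code_challenge == candidate:
            return reason
    return "challenge derived from a different verifier"


# RFC 7636 Appendix B test vector (not values issued by any OrangeHRM instance).
RFC_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
RFC_CHALLENGE = "E9Melhoa2OwvFrEMTJguCHaoeK1t8URWbuGJSstw-cM"

if __name__ == "__main__":
    print(diagnose(RFC_VERIFIER, RFC_CHALLENGE))
    print(diagnose(RFC_VERIFIER, RFC_CHALLENGE + "="))
```

Run diagnose() with the code_verifier you stored and the code_challenge you sent in the authorization request before retrying the token request.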

Invalid redirect URI

Reason: The redirect URI provided did not match the URI associated with the client

Solution: Make sure you provide the exact same URI as the one provided in Registering a Client

Invalid Client

Note that this error has a slightly different response than the one provided above:

{
    "error": "invalid_client",
    "error_description": "Client authentication failed",
    "message": "Client authentication failed"
}

Reason: Invalid Client ID provided

Solution: Provide the same client ID as the one obtained when Registering a Client