If the redirect URI parameter is missing, or the redirect URI does not match one of the registered redirect URLs for the application, Akoya will not redirect the user back to your application (as this would leave your application vulnerable to an open redirector attack). Instead, Akoya will display an error to the user, similar to the image below.

Errors returned in browser

Example

Example of browser displaying "Bad Request"

| HTTP Code/Error | Error Description | Possible issue |
|---|---|---|
| 200 | No "connector" | Will return an incorrect login screen |
| 400 Bad Request | Unregistered redirect_uri (e.g. "https://wrong/v1/callback") | The redirect_uri is incorrect or not registered |
| 400 Bad Request | Invalid ConnectorID | The providerId is incorrect |
| 400 Bad Request | Invalid client_id ("client_id"). | The clientId is incorrect |
| 404/500 | 404 and 500 server errors do not return custom messaging to the browser. | |
| 501 | 501 errors, subsystem is unavailable or temporarily unavailable | |

Error codes returned in URL (invalid parameters)

For other errors, the server will redirect the application to the redirect URI, but will include an error in the query string matching the types below:

Example

Example parameters in URL: error=invalid_scope&error_description=Missing+required+scope(s)+["openid"].&state=

| "error" | "error_description" | Possible issue |
|---|---|---|
| invalid_request | Invalid+response+type | The request is missing a parameter, contains an invalid parameter, includes a parameter more than once, or is otherwise invalid. |
| invalid_scope | Missing+required+scope | The requested scope is invalid or unknown. |
| access_denied | | The user or authorization server denied the request. |
| unauthorized_client | | The client is not allowed to request an authorization code using this method, for example, if a confidential client attempts to use the implicit grant type. |
| unsupported_response_type | | The server does not support obtaining an authorization code using this method, for example, if the authorization server never implemented the implicit grant type. |
| server_error | | Instead of displaying a 500 Internal Server error page to the user, the server can redirect with this error code. |
| temporarily_unavailable | | If the server is undergoing maintenance, or is otherwise unavailable, this error code can be returned instead of responding with a 503 Service Unavailable status code. |
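
One way an application's callback handler could process the redirect errors listed above, shown as an added example that is not Akoya's code. The names `handle_callback` and `ERROR_ACTIONS`, and the grouping of error codes into actions, are assumptions of this example. Because anyone can construct a callback URL, `state` is checked first and `error_description` is kept for logs only.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Error codes from the table above, grouped by how a client might react.
# The grouping itself is an assumption of this example, not Akoya guidance.
ERROR_ACTIONS = {
    "invalid_request": "fix_request",
    "invalid_scope": "fix_request",
    "unauthorized_client": "fix_request",
    "unsupported_response_type": "fix_request",
    "access_denied": "user_denied",
    "server_error": "retry_later",
    "temporarily_unavailable": "retry_later",
}

def _single(params, name):
    """Return the only value of a parameter; reject repeated parameters."""
    values = params.get(name, [])
    if len(values) > 1:
        raise ValueError(f"parameter {name!r} appears more than once")
    return values[0] if values else ""

def _loggable(text, limit=200):
    """Strip non-printable characters and truncate before writing to a log."""
    return "".join(c for c in text if c.isprintable())[:limit]

def handle_callback(callback_url, expected_state):
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    state = _single(params, "state")
    # Check state before trusting any other parameter; an empty state never passes.
    if not expected_state or not hmac.compare_digest(
            state.encode(), expected_state.encode()):
        return {"action": "reject", "reason": "state mismatch"}
    error = _single(params, "error")
    if error:
        return {
            "action": ERROR_ACTIONS.get(error, "unknown_error"),
            "error": _loggable(error, 64),
            # For logs only: do not render this URL-supplied text as HTML.
            "log_detail": _loggable(_single(params, "error_description")),
        }
    code = _single(params, "code")
    if not code:
        return {"action": "reject", "reason": "no code or error"}
    return {"action": "exchange_code", "code": code}
```
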

Server errors

A server_error response could be due to any of the following:

  • Internal error creating new access token
  • failed to create ID token
  • failed to delete auth code
  • connector with ID [abc] not found
  • failed to marshal refresh token
  • failed to create refresh token
  • failed to delete refresh token
  • failed to get offline session
  • failed to create offline session
  • failed to delete refresh token
  • failed to update offline session
  • failed to get auth code from database
  • any internal error caused by creating a token
  • failed to marshal refresh token
  • failed to create refresh token
  • failed to delete refresh token
  • failed to create offline session
  • failed to update offline session
  • failed to marshal refresh token
  • failed to get refresh token
  • provider token not found with userID and connectorID
  • failed to refresh identity
  • failed to create new access token
  • failed to update refresh token
  • failed to update provider session
  • failed to get client
  • failed to update offline session object
  • unable to unmarshal claim from id token
  • failed to create new access token
  • failed to marshal access token response
  • failed to get client
  • failed to get connectors from storage
  • unable to validate cross client trust