The Authentication API reports the success or failure of an operation by using on Identity Cloud's Registration error system. This system reports errors by using status codes similar to HTTP status codes. Note, however, that the Registration status codes aren't identical to their HTTP counterparts. Registration error 415 (the authorization code has expired) is not the same as the HTTP status code 415 (unsupported media type). See the table below for information about the Registration error codes and what they mean.
A Registration error response always contains at least the following fields:
- code: an integer error code.
- error: a machine-readable string code.
- error_description: a text description of the error.
Whenever an operation fails the response includes the
request_token field, a generated string of 16 characters. The request token is recorded in Identity Cloud's internal API logs. If you submit a support ticket, you should include the
request_token value so support personnel can check logs and find the exact operation and error.
Error codes are grouped into the following categories:
- 100. Missing argument.
- 200-399. An argument is invalid.
- 300-399. Occurs when creating, updating or querying records.
- 340-369. Occurs when a record value violates the schema. Errors 340-359 are for data type errors and 360-379 are for constraint errors.
- 400-499. Authentication and permission errors, including expired tokens and codes, and OAuth errors.
- 500+. Unexpected internal errors.
A code that is a multiple of 100 or 10 is a catch-all for the codes below it, and may be split off into more specific codes in the future.
missing_argument. A required argument wasn't supplied.
invalid_argument. The argument was malformed or its value was invalid.
duplicate_argument. Two or more conflicting arguments were included in the same operation. For example, you typically can't use
uuid in the same operation.
invalid_auth_method. The request used an invalid authentication method. Different operations support different authentication methods.
invalid_credentials. The supplied email address or password was incorrect.
no_password. The user tried to log in with an email address and password, but the account only supports social login.
no_such_account. The user tried to log in with an email address and password, but the email address doesn't exist.
password_incorrect. The user tried to log in with an email address and password. The email address was valid, but the password wasn't.
password_unacceptable. Occurs when password history is enabled and you try to reuse a previously-used password.
unknown_application. The application ID doesn't exist.
unknown_entity_type. The entity type doesn't exist.
unknown_attribute. A specified attribute doesn't exist. This can occur when trying to create or update a record, or when modifying an attribute.
application_not_found. The application can't be found on the specified domain.
flow_error. The flow is misconfigured and needs to be updated.
entity_type_exists. You tried to create an identity type that already exists. Entity type names must be unqiue within an application.
attribute_exists. Your to create an attribute that already exists. Attribute names must be unique within an entity type schema.
reserved_attribute. You attempted to modify a reserved attribute. Some attributes -- such as
created -- can't be modified.
error_creating_record. An error occurred while creating a new record.
record_not_found. You referenced an entity or plural element that doesn't exist.
id_in_new_record. You tried to add an ID to a new entity or plural element.
lastUpdated value doesn't match the supplied argument.
invalid_data_format. A JSON value wasn't formatted correctly.
invalid_json_type. A value didn't match the expected JSON type.
invalid_date_time. A date or dateTime value wasn't valid. For example, ithe value wasn't formatted correctly or was out of range.
unknown_application. Occurs if password history is enabled and you try to reuse a previously-used password.
constraint_violation. An attribute constraint was violated. For example, you tried to write string data to an attribute that can only hold integer data.
locally-unique constraint was violated.
missing_required_attribute. An attribute with the
required constraint was either missing or set to
null. Required attributes can't have null values.
length_violation. A string value violated an attribute’s
length constraint. For example, you tried to save the string
ABCD to an attribute that can contain a maximum of 2 characters.
email_address_in_use. You tried to register a new user, but an existing user already has that email address.
invalid_form_fields. The data submitted did not pass form validation. This error is also generated if you exceed the allowed number of login attempts. In that case, you'll get the error message "Too many attempts. Please try again later."
invalid_client_credentials. The client ID doesn't exist or the client secret is wrong.
client_permission_error. The client doesn't have permission to perform the action.
no_access_grant. The supplied authorization code is not valid because the user’s access grant has been deleted.
access_token_expired. The supplied access token has expired.
authorization_code_expired. The supplied authorization code has expired.
verification_code_expired. The supplied verification code has expired.
creation_token_expired. The supplied creation token has expired.
redirect_uri_mismatch. The redirect URL is invalid.
api_feature_disabled. The operation has been temporarily disabled for maintenance, and should be available again shortly.
unexpected_error. An unexpected internal error occurred.
api_limit_error. Generated any time your request exceeds rate limits such as the allowed number of registration requests.
triggered_error. An error was triggered in the flow.