Hosted Login troubleshooting
Solutions to problems you might encounter when using Hosted Login.
Hosted Login error messages
You get a 404 page not found error
This is almost always due to a problem with the Hosted Login URL specified in the authorization request.
You get an invalid client_id error
You didn’t specify the ID of a valid OpenID Connect login client in your authorization request.
You get an invalid redirect_uri error
The redirect URI in your authorization request doesn’t match one of the allowed redirect URIs in your login client.
You get a verify_email_url is not set error
The value of the verify_email_url setting in your application client is missing or is invalid.
You get a No flow available error
The flow name or flow version specified in your application client is invalid.
You get a Token URL is not whitelisted error
Typically corrected by updating your social login allow list.
You get an error similar to response_type is missing
You forgot to include the response_type parameter in your authorization request.
You get an unsupported response type error
Your response_type parameter references a response type Hosted Login doesn’t support.
You get a Scope must include openid error
Your authorization request needs to include the scope parameter, and openid must be included in the parameter value.
You get a 403 Forbidden error when calling an OIDC configuration client
This invariably means that your administrative access token has expired.
Everyone who tries to log on gets an Incorrect username or password error
Typically means that the entity type referenced in the flow used by your application client isn’t the same entity type referenced in your OpenID Connect login client.
Authorization request problems
You specified a scope but that scope isn’t being returned
You can only return scopes that are referenced in your token policy.
You specified a custom claim but that claim isn’t being returned
Step 1: make sure that custom claim is referenced in your login policy.
Screen and UI problems
Your social login buttons look really weird
Make sure the value in the authentication.providers setting is configured as a JSON array.
You get a US English sign-in screen even though you specified a different locale
Typically this happens because you referenced a locale that doesn’t actually exist in your flow.
Your Visit our help center link doesn’t link to your help center
By default this link doesn’t go anywhere. You need to make an API call and point the link to the desired URL.
Your sign-in screen doesn’t have a Forgot Password link
This is rare, but you might have accidentally deleted the password_recover_url setting.
The en-US locale is used in place of the en locale
Typically not a problem, but something you should be aware of.
You get back an administrative access token that doesn’t work
You can usually trace this problem back to an invalid or incorrect scope.
Your social login provider doesn’t work
Verify that the social login provider has been configured for use,
Shared computers don’t get the login prompt
This can happen if users don’t log out from Hosted Login and if you don’t set the prompt parameter to login.
Policies can’t be removed from OIDC clients
That’s true: they can’t be removed. And here’s why.
The site_name changes along with the OIDC client name
That’s also true. But here’s how to work around the issue.
Updated about 2 months ago