Hosted Login troubleshooting

Solutions to problems you might encounter when using Hosted Login.

Hosted Login error messages

• You get a 404 page not found error
  This is almost always due to a problem with the Hosted Login URL specified in the authorization request.

• You get an invalid client_id error
  You didn’t specify the ID of a valid OpenID Connect login client in your authorization request.

• You get an invalid redirect_uri error
  The redirect URI in your authorization request doesn’t match one of the allowed redirect URIs in your login client.

• You get a verify_email_url is not set error
  The value of the verify_email_url setting in your application client is missing or is invalid.

• You get a No flow available error
  The flow name or flow version specified in your application client is invalid.

• You get a Token URL is not whitelisted error
  Typically corrected by updating your social login allow list.

• You get an error similar to response_type is missing
  You forgot to include the response_type parameter in your authorization request.

• You get an unsupported response type error
  Your response_type parameter references a response type Hosted Login doesn’t support.

• You get a Scope must include openid error
  Your authorization request needs to include the scope parameter, and openid must be included in the parameter value.

• You get a 403 Forbidden error when calling an OIDC configuration client
  This invariably means that your administrative access token has expired.

• Everyone who tries to log on gets an Incorrect username or password error
  Typically means that the entity type referenced in the flow used by your application client isn’t the same entity type referenced in your OpenID Connect login client.

Authorization request problems

• You specified a scope but that scope isn’t being returned
  You can only return scopes that are referenced in your token policy.

• You specified a custom claim but that claim isn’t being returned
  Step 1: make sure that custom claim is referenced in your login policy.

Screen and UI problems

• Your social login buttons look really weird
  Make sure the value in the authentication.providers setting is configured as a JSON array.

• You get a US English sign-in screen even though you specified a different locale
  Typically this happens because you referenced a locale that doesn’t actually exist in your flow.

• Your Visit our help center link doesn’t link to your help center
  By default this link doesn’t go anywhere. You need to make an API call and point the link to the desired URL.

• Your sign-in screen doesn’t have a Forgot Password link
  This is rare, but you might have accidentally deleted the password_recover_url setting.

• The en-US locale is used in place of the en locale
  Typically not a problem, but something you should be aware of.

Other problems

• You get back an administrative access token that doesn’t work
  You can usually trace this problem back to an invalid or incorrect scope.

• Your social login provider doesn’t work
  Verify that the social login provider has been configured for use,

• Shared computers don’t get the login prompt
  This can happen if users don’t log out from Hosted Login and if you don’t set the prompt parameter to login.

• Policies can’t be removed from OIDC clients
  That’s true: they can’t be removed. And here’s why.

• The site_name changes along with the OIDC client name
  That’s also true. But here’s how to work around the issue.