In the OpenId protocol, errors are sent back in the url of redirect_uri.
You can find more information here
https://<redirect_uri>?error=<error>&error_description=<description>
| Code | Description | Comment | Example |
|---|---|---|---|
| access_denied |
User is not allow to authenticate |
In case of multiple failed attempt or for a blocked user |
https://localhost/auth/ping/index.html?appId=all.accor&state=G5mmgVtmCt3pn7wqCg6yS4&error=access_denied# |
|
invalid_request |
Invalid request parameter | Problem on JWS or request validation | |
| invalid_scope | Invalid scope | Problem on declared scopes or invalid scope in the request | https://localhost/auth/ping/index.html?appId=com.accorplus&error_description=The+requested+scope+is+inva…;error=invalid_scope# |
| server_error | Error on the authentication server | https://localhost/auth/ping/index.html?appId=all.accor&state=62buhEqCFTGXB3ldiFBltB&error=server_error# | |
| temporarily_unavailable | Unavailable authentication server | ||
| unauthorized_client | Unauthorized client |
Example of an unauthorized client (code flow mode): url : https://rec-login.accor.com/as/authorization.oauth2?client_id=implicit.accor&response_type=code&scope=op… APIWEB.USER.READ_PROFILE&redirect_uri=https://localhost/auth/ping/index.html%3FappId%3Dimplicit.accor&nonce=TGz2mL1sLj2h8S933qPGdT error: https://localhost/auth/ping/index.html?appId=implicit.accor&error_description=authorization_code+grant+n…;error=unauthorized_client# |
|
| unsupported_response_type | unsupported response type | Error sending parameters | https://localhost/auth/ping/index.html?appId=all.accor&state=d7QChnynTyZGppgxXKvzii&error=unsupported_response_type# |
| login_required | No session |
|
Check SSO chapter Example: |
| interaction_required | Approval requested |
The user is connected but you must validate scopes |
See approval scope chapter Example: |
If case of an invalid redirect_uri, the OpenId protocol won't do a redirection but will display an error page with Invalid redirect_uri.