Authentication errors

This topic describes the error codes you may see when authentication of an API client fails. When authentication fails because the client is disabled or not present, a 400 error code is displayed. The following table explains the errors:
| Error code | Cause | Action to correct |
| --- | --- | --- |
| invalid_client | The client name does not exist or is incorrect, or the client secret is invalid. | Check that the client is provisioned in the API application page and that it is in the Enabled state. Reset the client secret and use the new one. |
| unsupported_grant_type | The grant type is invalid. | The Grant type cannot be empty. Check that the Grant type is populated with one of the following supported grant type values: Implicit, authorization_code, Password, Change_org. |
| invalid_grant | The username or password is invalid, or the tenant code is invalid. | Make sure that the user credentials are valid and the correct organization code is passed. |
| invalid_scope | The scope is invalid. | The Scope cannot be empty. The mandatory Scope value is openid profile athoc.iws.web.api offline_access. The offline_access scope value is an optional value that is required only when requesting a refresh token. |

If you received an error, verify the following items:
  1. Your client is properly provisioned and your client_id and secret are valid.
  2. Your client has the password grant configured and allowed.
  3. Your username and password fields are correct.
  4. The user exists in the organization defined in the acr_values tenant:<org_code>.
  5. The operator account is not locked.
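
The table and checklist above can be applied to a token request before it is sent. The following is an added example, not code from the product documentation. It assumes that grant type values match case-insensitively, that the failed response follows the RFC 6749 shape (HTTP 400 with a JSON `error` field), and that the form field names are the standard OAuth ones. The function names and sample values are constructed for illustration.

```python
import json

# Values taken from the table above; case-insensitive matching is an assumption.
SUPPORTED_GRANTS = {"implicit", "authorization_code", "password", "change_org"}
MANDATORY_SCOPE = {"openid", "profile", "athoc.iws.web.api"}

def preflight(form):
    """Return (error_code, reason) pairs a token request would likely trigger.

    Reasons name the failing field only; secrets and passwords are never echoed.
    """
    problems = []
    if not form.get("client_id") or not form.get("client_secret"):
        problems.append(("invalid_client", "client_id or client_secret is empty"))
    grant = form.get("grant_type", "").strip().lower()
    if grant not in SUPPORTED_GRANTS:
        problems.append(("unsupported_grant_type", "grant_type is empty or unsupported"))
    missing = MANDATORY_SCOPE - set(form.get("scope", "").split())
    if missing:
        problems.append(("invalid_scope", "scope lacks: " + " ".join(sorted(missing))))
    if grant == "password":
        tenant = form.get("acr_values", "")
        if not form.get("username") or not form.get("password"):
            problems.append(("invalid_grant", "username or password is empty"))
        elif not tenant.startswith("tenant:") or tenant == "tenant:":
            problems.append(("invalid_grant", "acr_values must be tenant:<org_code>"))
    return problems

def error_code(status, body):
    """Extract the error code from a failed token response, or None on success.

    Assumes the RFC 6749 error shape: HTTP 400 with a JSON body {"error": "..."}.
    """
    if status != 400:
        return None
    try:
        return json.loads(body).get("error")
    except (ValueError, AttributeError):
        return None  # not JSON, or JSON that is not an object

# Constructed sample request (not real credentials) and constructed response body.
SAMPLE = {"client_id": "sample-client", "client_secret": "sample-secret",
          "grant_type": "password", "scope": "openid profile",
          "username": "operator1", "password": "sample-password",
          "acr_values": "tenant:"}

if __name__ == "__main__":
    for code, reason in preflight(SAMPLE):
        print(code, "-", reason)
    print(error_code(400, '{"error": "invalid_scope"}'))
```

A locked operator account or a disabled client cannot be detected locally; those cases only surface in the server's response.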