Authentication errors
This topic describes the error codes you may see when authentication of an API client fails. When authentication fails because the client is disabled or not present, a 400 error code is displayed. The following table explains the errors:
Error code | Cause | Action to correct |
---|---|---|
invalid_client | The client name does not exist or is incorrect, or the client secret is invalid. | Check that the client is provisioned in the API application page and that it is in the Enabled state. Reset the client secret and use the new one. |
unsupported_grant_type | The grant type is invalid. | The Grant type cannot be empty. Check that the Grant type is populated with one of the following supported grant type values: Implicit, authorization_code, Password, Change_org. |
invalid_grant | The username or password is invalid, or the tenant code is invalid. | Make sure that the user credentials are valid and the correct organization code is passed. |
invalid_scope | The scope is invalid. | The Scope cannot be empty. The mandatory Scope value is openid profile athoc.iws.web.api. The offline_access scope value is optional and is required only when requesting a refresh token. |
If you received an error, verify the following items:
- Your client is properly provisioned and your client_id and secret are valid.
- Your client has the password grant configured and allowed.
- Your username and password fields are correct.
- The user exists in the organization defined in the acr_values tenant:<org_code>.
- The operator account is not locked.
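
The table and checklist above can be turned into a local pre-flight check that runs before a token request is sent. This is an added example, not code from the product or its documentation. The parameter names (grant_type, scope, username, password) follow common OAuth 2.0 usage and are assumptions where the page does not name them, as is the case-insensitive comparison of grant types.

```python
# Added example: local pre-flight check of token-request parameters.
# Parameter names follow common OAuth 2.0 usage (assumption where the page
# does not name them); all sample values below are constructed placeholders.
SUPPORTED_GRANTS = {"implicit", "authorization_code", "password", "change_org"}
MANDATORY_SCOPES = {"openid", "profile", "athoc.iws.web.api"}


def preflight(params, want_refresh_token=False):
    """Return (code, reason) pairs for problems visible on the client side."""
    findings = []
    if not params.get("client_id") or not params.get("client_secret"):
        findings.append(("invalid_client", "client_id or client secret is empty"))

    grant = (params.get("grant_type") or "").strip().lower()
    # Assumption: grant type names are compared case-insensitively.
    if grant not in SUPPORTED_GRANTS:
        findings.append(("unsupported_grant_type", "grant type is empty or unsupported"))

    scopes = set((params.get("scope") or "").split())
    missing = sorted(MANDATORY_SCOPES - scopes)
    if missing:
        findings.append(("invalid_scope", "missing scope(s): " + " ".join(missing)))
    elif want_refresh_token and "offline_access" not in scopes:
        # "warning" is this example's own label, not a server error code.
        findings.append(("warning", "offline_access is required for a refresh token"))

    if grant == "password":
        if not params.get("username") or not params.get("password"):
            findings.append(("invalid_grant", "username or password is empty"))
        acr = (params.get("acr_values") or "").split()
        if not any(v.startswith("tenant:") and v != "tenant:" for v in acr):
            findings.append(("invalid_grant", "acr_values lacks tenant:<org_code>"))
    return findings


GOOD = {
    "client_id": "example-client", "client_secret": "PLACEHOLDER",
    "grant_type": "password", "username": "operator1", "password": "PLACEHOLDER",
    "scope": "openid profile athoc.iws.web.api offline_access",
    "acr_values": "tenant:ORG123",
}
BAD = dict(GOOD, grant_type="", scope="openid profile")

if __name__ == "__main__":
    for name, request in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, preflight(request, want_refresh_token=True) or "no findings")
```

The check never echoes the secret or password in its findings. It cannot detect a disabled client, a wrong secret, or a locked operator account, which only the server can report.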