OAuth 2.0 Errors

invalid_request

The authorization request to Hub is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed.

Check that all parameters are correct, that provided service_id exists, etc.

invalid_redirect_uri

The client is not authorized to request an authorization code using this method: The redirect_URI of the service either is incorrect or not provided.

1. Make sure the provided redirectUri is correct and properly registered as one of the service's redirect URIs.

2. Make sure your service provides at least one redirect_uri in Hub.

unsupported_response_type

Hub does not support obtaining an authorization code using this method.

Try to change selected method of authorization.

invalid_scope

The scope for which authorization is requested, does not match any registered service.

Check if the scopes used in the OAuth 2.0 request match service IDs in Hub. Request only the scopes you actually need for your current task.

access_denied

The resource owner or authorization server denied the request.

Make sure that the user accepts the consent screen during sign-in and is not banned in Hub.

response_type_not_allowed

The Service is configured to disallow the specified response type.

Check the service configuration in Hub and make sure that it allows the OAuth 2.0 flow used by the client application.

pkce_is_required

Hub service is configured to require PKCE on sign-in, but the client application does not support it.

Check the service configuration in Hub. Disable the PKCE requirement. Alternatively, send code challenge and code verifier along with the OAuth 2.0 requests.

server_error

An internal Hub error has occurred.

This is most likely an issue with Hub. Please contact customer support for further guidance.

login_required

prompt=none is used by the client, but there is no active end-user session to proceed with.

Use the none value only when the user is already signed in. Otherwise, catch the error and implement a fallback path.

request_not_supported

Hub does not support signed request objects yet.

Remove the request parameter from the OAuth 2.0 request.

request_uri_not_supported

Hub does not support signed request objects yet.

Remove the request_uri parameter from the OAuth 2.0 request.

invalid_request

The request is missing a required parameter, includes an unsupported parameter value (other than grant type), repeats a parameter, includes multiple credentials, utilizes more than one mechanism for authenticating the client, or is otherwise malformed.

Possible reasons: Authorization header in response is not of the Bearer type. Also, a parameter in the token request may be mulformed or missing.

Please check the response header. Then check if the request is correct.

invalid_client

Client authentication failed. For example, the client is unknown, no client authentication included, or authentication method is unsupported.

Possible reasons:

• No service with the provided clientServiceId was found.

• Authorization header was either of invalid format or not passed at all.

invalid_grant

Possible reasons:

• Refresh token was issued to another client service.

• Refresh token is unknown.

• Authorization code is unknown or is of invalid format.

• The service secret is of invalid format.

• Provided credentials of the service owner are invalid.

• Requested scope does not match allowed by access token

unauthorized_client

Possible reasons: The service that requests authorization token is not verified.

unsupported_grant_type

Possible reasons: The authorization grant type is not supported by Hub.

invalid_scope

Possible reasons: The scope to which you are requiring access token does not match any registered service.

Please check the request.