This page lists the error codes returned when IDaaS Customer Identity and Access Management (CIAM) API calls fail.
OAuth error codes
When an OAuth request fails, the response follows this format:
{
"error": "invalid_grant",
"error_description": "Invalid authorization code: 202207211236389yghDWdB",
"error_uri": "http://xxxxx/api/bff/v1.2/developer/ciam/oauth/token/provider",
"requestId": "1658384361768$ca725dc4-182f-7562-17d2-53e6acf6a3ac"
}| Error code | Description |
|---|---|
invalid_request | A required parameter is missing, not specified, or in an invalid format. |
invalid_client | The application does not exist or is in an abnormal state. |
invalid_grant | The authorization credentials are invalid, expired, or revoked. Alternatively, the redirect URI does not match the one recorded by the authorization server. Credentials include the authorization code, the refresh token, and secrets created by principals. |
invalid_scope | The requested scope is invalid or unknown. |
invalid_token | The token is invalid. |
unauthorized_client | The client is not authorized to make this request. |
unauthorized_user | You do not have permission to access this resource. |
unsupported_grant_type | The authorization server does not support this grant type. |
unsupported_response_type | The authorization server does not support this response type. |
access_denied | The authorization server rejected the request. The token may be invalid. |
redirect_uri_mismatch | The redirect_uri value is invalid. |
login_failed | The user ID or password is invalid. |
user_deleted | The user is invalid. |
server_error | An internal error occurred on the authorization server. |
CIAM error codes
When a CIAM API request fails, the response follows this format:
{
"success": false,
"code": "Operation.Failure",
"message": "Operation.Failure.Mini.Program.Silent.Login",
"requestId": "1656572265429$49b433a9-219a-910a-0323-2af4f1f1a9ce",
"data": null
}The code field identifies the exception type. The message field identifies the specific details of the exception.
Error codes
An error code identifies the type of exception.
| Error code | Description |
|---|---|
Service.Internal.Error | An internal error occurred in the CIAM service. |
Operation.Success | The operation succeeded. |
Operation.Failure | The operation failed. |
Resource.NotFound | The resource does not exist. |
Params.Blank | A required parameter is not specified. |
Params.Illegal | A parameter is invalid. |
Operation.Denied | You do not have permission to perform this operation, or you have not completed real-name verification. |
Remote.Error | An exception occurred when calling a third-party service. |
Social.Login.Error | An exception occurred during social logon. |
Unsupported.Media.Type | The media type is invalid for the request method (POST, GET, PUT, or DELETE). |
Error messages
An error message identifies the specific details of the exception.
Common errors
| Error message | Description |
|---|---|
Server.Access.Denied.Token.Expire | Access denied. The token has expired. |
Operation.Failure.RemoteServerCommonError | The operation failed. A dependent service returned an error. |
Operation.Failure.ResourceAlreadyExist | The operation failed. The resource already exists. |
Operation.Failure.UnknownError | The operation failed. An unknown error occurred. |
Operation.Failure.Unsupported | The operation is not supported. |
Operation.Failure.ServerIntener.Error | The operation failed. An internal error occurred. |
Operation.Failure.Service.Internal.Error | An internal error occurred. |
Server.Access.Denied | Access denied. The user does not have permission. |
Operation.Failure.IP.Access.Invalid | The IP address is unreachable. |
Service errors
| Error message | Description |
|---|---|
Operation.Failure.AuthenticateInformation.Disable | The authentication source is disabled. |
Operation.Failure.AuthenticateInformation.Not.Found | The authentication source does not exist. |
Operation.Failure.Captcha.Error | The CAPTCHA code is invalid. |
Operation.Failure.Captcha.Invalid | The CAPTCHA code is invalid or does not exist. |
Operation.Failure.Change.User.Type | Failed to change the user type. |
Operation.Failure.Email.Code.Error | The SMS or email verification code is invalid. |
Operation.Failure.Email.Code.Not.Find | The SMS or email verification code was not found. Resend the verification code. |
Operation.Failure.Email.Code.Too.Frequency | Too many verification attempts. Resend the verification code. |
Operation.Failure.Email.Not.Exist | Two-factor authentication failed. The specified email address does not exist. |
Operation.Failure.Email.Not.Same | The submitted email address does not match the address used to send the verification code. |
Operation.Failure.FId.Not.Found | The file ID is invalid or the process has expired. |
Operation.Failure.File.Size.Exceeds.Limit | The uploaded file exceeds the size limit. |
Operation.Failure.Gesture.Error | The gesture trajectory is invalid. |
Operation.Failure.Gesture.Sign.Error | The gesture trajectory is invalid. |
Operation.Failure.Invalid.AccessToken | The access token is invalid. |
Operation.Failure.Invalid.Id_Token | The ID token is invalid. |
Operation.Failure.Mini.Program.Phone | The mobile phone number for WeChat mini program logon could not be retrieved. The EncryptedData parameter is missing or invalid. |
Operation.Failure.Mini.Program.Silent.Login | Silent logon to the WeChat mini program failed. |
Operation.Failure.Mini.Program.Userinfo | WeChat mini program user information could not be retrieved. The EncryptedData parameter is missing or invalid. |
Operation.Failure.Oauth.Client.Not.Available | The client ID is invalid or the application is unavailable. |
Operation.Failure.Password.Has.Initialized | The password has already been initialized and cannot be re-initialized. |
Operation.Failure.PhoneNumber.Not.Same | The submitted mobile phone number does not match the number used to send the verification code. |
Operation.Failure.Public.Key.Not.Exist | The public key for the ID token does not exist. |
Operation.Failure.Send.Email.Fail | Failed to send the email. |
Operation.Failure.Send.Email.Too.Frequency | Too many email send attempts. |
Operation.Failure.Send.SMS.Fail | Failed to send the SMS message. |
Operation.Failure.Send.SMS.Too.Frequency | Too many SMS send attempts. |
Operation.Failure.SMS.Code.Error | The SMS or email verification code is invalid. Re-enter the verification code. |
Operation.Failure.SMS.Code.Not.Find | The SMS or email verification code was not found. Resend the verification code. |
Operation.Failure.SMS.Code.Too.Frequency | Too many verification attempts. Resend the verification code. |
Operation.Failure.Social.Code.Expired | Social logon failed. The third-party code is invalid. |
Operation.Failure.Social.Login | Social logon failed. |
Operation.Failure.Social.User.Auth.Error | Failed to authorize the third-party user. |
Operation.Failure.Social.User.Not.Bind | No binding relationship exists for this social logon. |
Operation.Failure.SSO.Cannot.Get.Code | Failed to retrieve the single sign-on (SSO) code. |
Operation.Failure.Unsupported.2fa.Type | This two-factor authentication (2FA) operation is not supported. |
Operation.Failure.Unsupported.Dict.InUse | Extended attributes are in use and cannot be modified or deleted. |
Operation.Failure.Unsupported.File.Type | The uploaded file type is not supported. |
Operation.Failure.Unsupported.Ignore.Complete | The account completion flow cannot be skipped. |
Operation.Failure.Unsupported.Social.Platform | This third-party social platform is not supported. |
Operation.Failure.Unsupported.UserType.InUse | The user type is in use and cannot be modified or deleted. |
Operation.Failure.Update.Device.Status | Failed to update the device status. |
Operation.Failure.User.Archived | The user is deleted. |
Operation.Failure.User.Disabled | The user is disabled. |
Operation.Failure.User.Email.Equal.Original | The new email address is the same as the current email address. |
Operation.Failure.User.Locked | The user is locked. |
Operation.Failure.User.Locked.And.Password.Error | The account is locked due to too many failed password attempts. |
Operation.Failure.User.Not.Bind.Gesture | No gesture is bound to this account. |
Operation.Failure.User.Not.Exist | The user does not exist. |
Operation.Failure.User.Password.Error | The password is incorrect. |
Operation.Failure.User.PhoneNumber.Equal.Original | The new mobile phone number is the same as the current mobile phone number. |
Operation.Failure.Username.Or.Password.Error | The account or password is invalid. |
Operation.Params.Illegal.DeviceId | The device ID does not exist. |
Missing parameter errors
| Error message | Description |
|---|---|
Params.Blank.ApplicationExternalId | Security authentication failed. The external ID is not specified. |
Params.Blank.Authentication.Id | The authentication source ID is not specified. |
Params.Blank.CaptchaCode | The CAPTCHA UUID is not specified. |
Params.Blank.CaptchaText | The CAPTCHA code is not specified. |
Params.Blank.Code | The verification code is not specified. |
Params.Blank.Device.DeviceId | The device ID is not specified. |
Params.Blank.Dictionary.Uuid | The extension field UUID is not specified. |
Params.Blank.Dictionary.Value.Uuid | The extension field value UUID is not specified. |
Params.Blank.FId | The file ID is not specified. |
Params.Blank.Gesture.Sign | Gesture logon failed. The gesture code is not specified. |
Params.Blank.Idaas.AppId | The IDaaS application ID is not specified. |
Params.Blank.Id_Token | The ID token is not specified. |
Params.Blank.Mini.Program.LoginCode | The WeChat mini program temporary logon code is not specified. |
Params.Blank.Mini.Program.Phone | The SSO parameter phoneNumberCode, phoneNumberEncryptedData, or phoneNumberIv for the WeChat mini program is not specified. |
Params.Blank.Mini.Program.Userinfo | The EncryptedData or Iv parameter for WeChat mini program logon is not specified. |
Params.Blank.MobileExtendParamsJson | A required biometric authentication parameter is not specified. |
Params.Blank.MobileExtendParamsJsonSign | A required biometric authentication parameter is not specified. |
Params.Blank.Social.Callback.Code | The code returned by the third-party provider is not specified for social logon. |
Params.Blank.Type | The type is required when sending a verification code. Valid values: SMS, EMAIL. |
Params.Blank.Upload.File | The file is empty or the file name is not specified. |
Params.Blank.User.Address | A detailed address is required. |
Params.Blank.User.Birthday | Birthday is required. |
Params.Blank.User.City | City is required. |
Params.Blank.User.Country | Country is required. |
Params.Blank.User.DisplayName | A display name is required. |
Params.Blank.User.Email | An email address is required. |
Params.Blank.User.EnDisplayName | An English display name is required. |
Params.Blank.User.Extension.AttrValue | A value for the extended attribute is required. |
Params.Blank.User.ExternalId | An external ID is required. |
Params.Blank.User.Gender | Gender is required. |
Params.Blank.User.Password | A password is required. |
Params.Blank.User.Phone.Number | A mobile phone number is required. |
Params.Blank.User.Province | Province is required. |
Params.Blank.User.Region | Region is required. |
Params.Blank.User.Street | Street information is required. |
Params.Blank.User.Username | A username is required. |
Params.Blank.User.Uuid | The user UUID is required. |
Params.Blank.UserType.Code | The user type code is required. |
Params.Blank.UserType.Name | The user type name is required. |
Params.Blank.UserType.Uuid | The user type UUID is required. |
Params.Blank.OauthClient.Client_Id | The client ID is not specified. |
Params.Blank.OauthClient.Grant_Type | Grant_Type is not specified. |
Params.Blank.OauthClient.Grant_Secret | The client secret is not specified. |
Params.Blank.AuthenticateInformation.EnterpriseAuthId | The authentication source ID is not specified. |
Duplicate resource errors
| Error message | Description |
|---|---|
Params.Exist.SocialUser.SocialId | The social ID already exists. |
Params.Exist.User.Email | The email address already exists. |
Params.Exist.User.ExternalId | The external ID already exists. |
Params.Exist.User.Phone.Number | The mobile phone number already exists. |
Params.Exist.User.Username | The username already exists. |
Params.Exist.UserType | The user type already exists. |
Params.Exist.UserType.Code | The user type code already exists. |
Params.Exist.UserType.Name | The user type name already exists. |
Invalid parameter errors
| Error message | Description |
|---|---|
Params.Illegal.Consent | A required consent for logon has not been agreed to. |
Params.Illegal.Dictionary.Uuid | The extended field UUID is invalid. |
Params.Illegal.Dictionary.Value | The extended field value is invalid. |
Params.Illegal.Dictionary.Value.Uuid | The extended field value UUID is invalid. |
Params.Illegal.Group.ExternalId | The group external ID is invalid. |
Params.Illegal.Group.Name | The group name is invalid. |
Params.Illegal.Group.Uuid | The group UUID is invalid. |
Params.Illegal.Type | The type value is not supported for sending verification codes. |
Params.Illegal.User.DisplayName | The display name is invalid. |
Params.Illegal.User.Email | The email address is invalid. |
Params.Illegal.User.Extension.AttrValue | The extended attribute value is outside the allowed range. |
Params.Illegal.User.Password | The password does not meet the password policy requirements. |
Params.Illegal.User.Password.Policy | The password does not meet the password policy requirements. |
Params.Illegal.User.Password.Same.Old | The new password is the same as the current password. |
Params.Illegal.User.Phone.Number | The mobile phone number already exists. |
Params.Illegal.User.Username | The username already exists. |
Params.Illegal.User.Username.Policy | The username does not meet the naming policy requirements. |
Params.Illegal.User.UserType | The user type does not exist when querying by user type. |
Params.Illegal.User.Uuid | The user UUID is invalid. |
Params.Illegal.Username.Equal.Phone | A username cannot be a mobile phone number. |
Params.Illegal.OauthClient.Client_Id | The client ID is invalid. |
Params.Illegal.OauthClient.Client_Secret | The client secret is invalid. |
Params.Illegal.OauthClient.Grant_Type | The Grant_Type value is invalid. |
Params.Illegal.AuthenticateInformation.EnterpriseAuthId | The authentication source ID is invalid. |