Authorization Errors

The following sections explain the possible authorization errors.

(Device) Authorization Endpoint

HTTP Status Codes

| Code | Short Description | Long Description |
|------|-------------------|------------------|
| 302 | Found | Redirection |
| 400 | Bad Request | e.g. in case of invalid or missing request parameters |
| 503 | Service Unavailable | Backend service currently not available, e.g. Developer Portal |

Error Cases

| Error Cause | Code | Error | Error Description | Redirection | JSON |
|-------------|------|-------|-------------------|-------------|------|
| Backend service currently not available, e.g. Developer Portal | 503 | temporarily_unavailable | Backend service currently not available | | |
| Invalid request, client ID is missing | 400 | invalid_request | missing or invalid request parameters | | |
| Repeated request parameter | 400 | invalid_request | repeated request parameters | | |
| Invalid client ID or redirect URI | 400 | unauthorized_client | request rejected by client authorization authority (developer portal) | | |
| Client is not allowed to access production server | 400 | unauthorized_client | client not authorized for server access | | |
| Client is not allowed to use this OAuth flow | 400 | unauthorized_client | client not authorized for this oauth flow (grant_type) | | |
| No redirect URI is defined in the Developer Portal | 400 | unauthorized_client | client has no redirect URI defined | | |
| Invalid request, response type is missing | 302 | invalid_request | missing or invalid request parameters | | |
| Unsupported response type | 302 | unsupported_response_type | given response_type not supported | | |
| Invalid HC account - please check configured test account | 302 | unauthorized_client | client has limited user list - user not assigned to client | | |
| Invalid scope | 302 | invalid_scope | given scope doesn't match requested scope | | |
| Login aborted | 302 | access_denied | login aborted by the user | | |
| Grant operation aborted | 302 | access_denied | grant operation aborted by the user | | |

Redirection Example

<redirect_uri>?error=access_denied&error_description=login+aborted+by+the+user

JSON Example


{
    "error": "unauthorized_client",
    "error_description": "request rejected by client authorization authority (developer portal)"
}

Access Token Endpoint

HTTP Status Codes

| Code | Short Description | Long Description |
|------|-------------------|------------------|
| 400 | Bad Request | e.g. invalid, missing or duplicate parameters |
| 403 | Forbidden | e.g. invalid user or terms of use must be accepted |
| 415 | Unsupported Media Type | The request's Content-Type is not supported, expected: application/x-www-form-urlencoded |
| 503 | Service Unavailable | Backend service currently not available, e.g. Developer Portal |

Error Cases

| Error Cause | Code | Error | Error Description |
|-------------|------|-------|-------------------|
| Backend service currently not available, e.g. Developer Portal | 503 | temporarily_unavailable | Backend service currently not available |
| Missing parameter, e.g. client id, code or grant_type | 400 | invalid_request | missing or invalid request parameters |
| Repeated request parameter | 400 | invalid_request | repeated request parameters |
| Client ID and client secret are used in both the Basic Auth header and the request body | 400 | invalid_request | Multiple authorization methods found |
| Unsupported grant type | 400 | unsupported_grant_type | grant method not supported |
| Invalid auth code or client ID | 400 | invalid_grant | invalid authorization_code |
| Client is not allowed to access production server | 400 | unauthorized_client | client not authorized for server access |
| Invalid client secret | 400 | unauthorized_client | client secret validation failed |
| Client is not allowed to use this OAuth flow | 400 | unauthorized_client | client not authorized for this oauth flow (grant_type) |
| Authorization request is still pending | 400 | authorization_pending | authorization request is still pending as the end-user hasn't yet completed the user interaction steps |
| Client is polling too quickly | 400 | slow_down | client is polling too quickly |
| Device code has expired or was used twice | 400 | expired_token | device authorization session not found, expired or blocked |
| Missing or invalid redirect URI | 400 | invalid_grant | incorrect redirect_uri parameter |
| Invalid refresh token or client was revoked in the Home Connect app | 400 | invalid_grant | invalid refresh_token |
| Invalid scope, e.g. while the token is refreshed | 400 | invalid_scope | given scope doesn't match requested scope |
| Invalid HC account - please check configured test account | 400 | unauthorized_client | used HC account is not authorized for this client |
| The user is currently not, or no longer, found in the system. This may happen if the user has been deregistered. | 403 | access_denied | invalid user |
| The user has to accept new TOCs or DPTs in the Home Connect app. | 403 | access_denied | terms of use must be accepted |

Example


{
    "error": "invalid_grant",
    "error_description": "invalid refresh_token"
}
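
Client Handling Example

The token endpoint errors above call for different client reactions: keep polling, back off, restart the device flow, discard stored tokens, or stop and fix the client configuration. The following is an added example, not code from the Home Connect documentation, that maps a status code and JSON body to one of those reactions. The action names, the Decision type, the 5-second default interval and the 5-second back-off step (taken from RFC 8628) are assumptions of this example.

```python
import json
from dataclasses import dataclass

# Client actions (names are this example's own, not part of the API).
POLL, RETRY_LATER, RESTART_FLOW = "poll", "retry_later", "restart_flow"
REAUTHORIZE, USER_ACTION, FIX_CLIENT = "reauthorize", "user_action", "fix_client"

@dataclass
class Decision:
    action: str
    interval: int  # seconds to wait before the next poll
    reason: str    # error_description taken from the response

# (HTTP status, error) pairs from the token endpoint table mapped to the next step.
ACTIONS = {
    (400, "authorization_pending"): POLL,
    (400, "slow_down"): POLL,
    (400, "expired_token"): RESTART_FLOW,
    (400, "invalid_grant"): REAUTHORIZE,
    (403, "access_denied"): USER_ACTION,
    (503, "temporarily_unavailable"): RETRY_LATER,
    (400, "invalid_request"): FIX_CLIENT,
    (400, "invalid_scope"): FIX_CLIENT,
    (400, "unsupported_grant_type"): FIX_CLIENT,
    (400, "unauthorized_client"): FIX_CLIENT,
}

def classify_token_error(status: int, body: str, interval: int = 5) -> Decision:
    """Map a failed token request to the client's next step."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        doc = {}
    error = doc.get("error")
    action = ACTIONS.get((status, error)) if isinstance(error, str) else None
    if action is None:
        # Unlisted status/error pair or unparsable body (e.g. 415): stop, no blind retry.
        return Decision(FIX_CLIENT, interval, f"unexpected response (HTTP {status})")
    if error == "slow_down":
        interval += 5  # assumption: back-off step from RFC 8628 section 3.5
    return Decision(action, interval, str(doc.get("error_description", "")))

if __name__ == "__main__":
    # Constructed sample responses using error values listed on this page.
    for status, body in [(400, '{"error": "slow_down"}'), (415, "<html></html>")]:
        print(classify_token_error(status, body))
```

Treating every unlisted combination as a hard stop keeps a misconfigured client, for example one with a wrong client secret, from retrying the same failing request in a loop.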