
Commit

Merge pull request #318 from govuk-one-login/error-message-page
tests out partials for error messages
PippaClarkGDS authored Feb 5, 2025
2 parents 3daf077 + e9b2790 commit 6416456
Showing 6 changed files with 60 additions and 20 deletions.
26 changes: 26 additions & 0 deletions source/error-messages.html.md.erb
@@ -0,0 +1,26 @@
---
title: Error messages
weight: 88
last_reviewed_on: 2025-01-21
review_in: 6 months
---

# Error messages

This page collates the error messages from GOV.UK One Login.

## Error messages from the `/authorize` endpoint

<%= partial "partials/authorize-errors" %>

## Error messages from the `/userinfo` endpoint

<%= partial "partials/userinfo-errors" %>

## Error messages from the `/token` endpoint

<%= partial "partials/token-errors" %>


<%= partial "partials/links" %>
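
Review bot: The section order in this new page is `/authorize`, `/userinfo`, `/token`, which does not match the order an integrator meets these errors. The integration page changed in this same commit goes from the authorisation request to "Make a token request" and then "Retrieve user information", so consider moving the `/token` section above `/userinfo`. Minor style point: the double blank line before `<%= partial "partials/links" %>` can be a single blank line.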

@@ -215,16 +215,8 @@ Location: https://YOUR_REDIRECT_URI?error=invalid_request
&state=1234
```

| Error | More information about your error |
|-------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `unauthorized_client` | In rare circumstances, such as a security incident, One Login may prevent users from logging in to your service. If this happens, the error code `unauthorized_client` will be returned with the error description `client deactivated`. When your service receives this error, you must show the user a custom error page to explain that they cannot use your service at the moment and should try again later. |
| `invalid_request` | The request has one or more of the following issues: <ul><li>missing a required parameter</li><li>includes an invalid parameter value</li><li>includes a parameter more than once</li><li>not in the correct format</li></ul><br>You can [check which parameters GOV.UK One Login supports when you make an authorisation request][integrate.make-authorization-request]. |
| `invalid_request - Request vtr not valid` | You've requested single factor authentication and identity information. To make a successful identity request, you must request two-factor authentication and the identity level of confidence, for example `Cl.Cm.P2`. |
| `invalid_scope` | The scope or scopes you have requested are invalid, unknown, or are not in the correct format.<br>You can read more about scopes in [choosing which user attributes your service can request][integrate.choose-user-attributes]. |
| `unsupported_response_type` | Your service is not registered for the requested `response_type`. <br>You must set the `response_type` to be code: `response_type=code`. |
| `server_error` | The GOV.UK One Login authentication server has experienced an internal server error. |
| `temporarily_unavailable` | If you're only making an authentication request (as opposed to requesting both authentication and identity), this error code means the GOV.UK One Login authentication server is temporarily unavailable, which might be caused by temporary overloading or planned maintenance. <br>Make your request again in a few minutes. <br> <br> If you're making an identity request and you get this error, it means the identity proving and verification does not currently have capacity for this request. |
| `access_denied` | GOV.UK One Login returns this error in 2 scenarios.<br><br>The first scenario is that the identity evidence your user provided has a lower score than the identity confidence specified in your request. As a result, GOV.UK One Login could not return the medium level of identity confidence (`P2`) and instead returned a lower level of identity confidence.<br><br> If you’re using return codes, you will not receive this error. Instead, GOV.UK One Login returns an array of single letter `returnCode` values through the `userinfo` endpoint. Find more information on [understanding the return codes claim](/integrate-with-integration-environment/prove-users-identity/#understand-your-user-s-return-code-claim).<br><br>The second scenario is that the session in the user’s browser is unavailable. This can happen when your user’s cookies have been lost or your user changed browsers during the identity verification process. In this scenario, you should ask your user to log in again or restart the identity verification process. |
<%= partial "partials/authorize-errors" %>


## Make a token request
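
Review bot: The `unauthorized_client` row removed here states a requirement rather than a description: on `client deactivated` the service "must show the user a custom error page". The body of `partials/authorize-errors` is not visible in this part of the diff, so please confirm all eight rows moved across unchanged, that one in particular. The rows also rely on reference-style links such as `[integrate.make-authorization-request]` and `[integrate.choose-user-attributes]`; the new error messages page ends with `partials/links`, presumably where those definitions live, so any other page that reuses this partial will need the same include or the links will render as literal text.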

@@ -401,13 +393,8 @@ Content-Type: application/json
}
```

| Error | More information about your error |
|--------------------------|---------------------------------------|
| `invalid_request` | The request is missing a parameter so the server cannot proceed with the request. This error may also be returned if the request includes an unsupported parameter or repeats a parameter.<br><br>Review your parameters and check they are supported and not repeated. |
| `invalid_client` | Client authentication failed, which could be caused by the request containing an invalid `client_id` or an issue in validating the signature of the `client_assertion`. <br><br>To resolve, check:<br><ul><li>your `client_id` matches the `client_id` you received when you [registered your service to use GOV.UK One Login][integrate.register-your-service]</li><li>you have signed your `client_assertion` JWT with the private key generated when you [registered your service to use GOV.UK One Login][integrate.register-your-service]</li><li>your service uses a [key signing algorithm which GOV.UK One Login supports](https://oidc.account.gov.uk/.well-known/openid-configuration) |
| `invalid_grant` | The authorisation code is invalid or expired. This is also the error which would return if the redirect URL given in the authorisation request does not match the URL provided in this access token request. |
| `unauthorized_client` | The application is successfully authenticated, but it's not registered to use the requested [grant type](https://oauth.net/2/grant-types/). |
| `unsupported_grant_type` | The grant type is not supported by the server. |
<%= partial "partials/token-errors" %>


## Retrieve user information
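
Review bot: The `invalid_client` row being moved out of this table is malformed: it opens a `<ul>` and a third `<li>` ("your service uses a key signing algorithm which GOV.UK One Login supports") but never closes either, and the row has no closing `|`. Since this content now renders on two pages, please check that `partials/token-errors` ends that cell with `</li></ul> |` rather than carrying the row over verbatim.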

@@ -471,9 +458,7 @@ WWW-Authenticate: Bearer error="invalid_token",
error_description="The Access Token expired"
```

| Error | More information about your error |
|-----------------|--------------------------------------|
| `invalid_token` | GOV.UK One Login denied your request as you have an invalid or missing bearer access token.<br><br>To proceed, you must use the authorisation header field to send the token as a [bearer token][external.bearer-token]. |
<%= partial "partials/userinfo-errors" %>

Once you’ve authenticated your user, you can continue with [proving your user’s identity][integrate.identity-proving].
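
Review bot: The `invalid_token` row describes only an "invalid or missing bearer access token", while the example response kept in the context just above it shows `error_description="The Access Token expired"`. On the new error messages page the row appears without that example, so consider having `partials/userinfo-errors` mention expiry explicitly, so a reader landing there knows an expired token produces this same error.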

