Work in progress list of error messages and codes
Generic error messages:
The following are error messages defined in the OAuth2 and OpenID Connect protocols. Some of them are very generic and can have many causes.
...
Error code
...
Meaning
...
invalid_request
...
The token request against HelseID was invalid. There are many possible causes for this error and you may have to contact NHN Kundesenter for more information. Some possible causes are: An invalid HTTP Method or Content Type was used (we expect POST and "application/x-www-form-urlencoded") or that an invalid authorization code was used.
...
invalid_client
...
The client was not authenticated properly. This error often occurs because the supplied secret was invalid, but it can also occur if an invalid Client ID was used.
...
invalid_grant
...
This error occurs if an invalid refresh token or authorization code is used, if the refresh token or authorization code has expired and in other cases where the supplied parameters are invalid. If using PKCE, make sure that it is used correctly and make sure that the supplied redirect uri is valid.
...
unauthorized_client
...
Usually indicates that the client is trying to use a grant type that is is not allowed to use or that a redirect uri is required but none was specified.
...
unsupported_grant_type
...
Indicates that the grant type parameter is missing or invalid for the client.
...
unsupported_response_type
...
This error should only occur if the response type parameter is missing.
...
invalid_scope
...
The client is either requesting scopes it is not allowed to access or it is requesting identity scopes when running in a machine-to-machine flow (client credentials).
Error messages related to organization number claims:
The following error codes are only relevant for clients passing either parent or child organization numbers to HelseID. The errors will return in the invalid_request error code, the error message will contain the error number and a text describing what went wrong.
...
Error number
...
Meaning
...
HID-1001
...
The supplied parent organization number is not in the whitelist for the client. The whitelist must be updated before the organization number is accepted.
...
HID-1002
...
The supplied child organization number is not in the whitelist for the client. The whitelist must be updated before the organization number is accepted.
...
HID-1003
...
The supplied parent organization was validated, but the organization has a whitelist of child organizations and this whitelist does not contain the child organization number. Whitelists of child organizations below a parent organization should not be used, so the whitelist must be removed.
...
HID-1004
...
The format of the organization number was incorrect. Valid organization numbers must be nine digits, no spaces or letters.
...
HID-1005
...
Support for passing parent organization numbers from the client to HelseID is not enabled. This functionality must be approved by NHN before it is enabled.
...
HID-1006
...
Support for passing child organization numbers from the client to HelseID is not enabled. This functionality must be approved by NHN before it is enabled.
...
HID-1007
...
The supplied request object or client assertion does not comply to the specification. See the error message for further details.
...
HID-1008
...
Clients using Shared Secrets for client authentication are rejected when passing organization numbers from the client. The client must be updated to use a private key for client authentication.
...
HID-1009
...
The client configuration is setup in a way that does not support passing organization number claims. You must contact NHN Kundesenter to fix this error. This error can occur if static client claims or an enterprise certificate is setup in a way that is not compatible with passirg organization numbers.
...
HID-1010
...
Dokumentet har blitt flyttet til Utviklerportalen.
This document has been moved. Please see the document at this page (English).