Skip to content

Instantly share code, notes, and snippets.

@trungly1

trungly1/oauth_errors.md

Last active April 15, 2026 15:39
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save trungly1/e2cf009a77ae01dc380f2c6fd9b68cd1 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save trungly1/e2cf009a77ae01dc380f2c6fd9b68cd1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
oauth_errors.md

Note

Useful information that users should know, even when skimming content.

Tip

Helpful advice for doing things better or more easily.

Important

Key information users need to know to achieve their goal.

Warning

Urgent info that needs immediate user attention to avoid problems.

Caution

Advises about risks or negative outcomes of certain actions.

Tips for collapsed sections

You can add a header

You can add text within a collapsed section.

You can add an image or a code block, too.

   puts "Hello World"

Authentication Error Guide

Wrong Environment

Using a production authorization URL with a trial (or mismatched) client.

  • Error Message: Client not found
  • Client ID: devp-v2-demo-dasxtrial-b69ffe954c5cd33c57a79a94780eb2ab (belongs to trial based on devp-v2-demo)
  • Authorization URL used:
    https://auth.lsk-prod.app/realms/k-series/protocol/openid-connect/auth?response_type=code&client_id=devp-v2-demo-dasxtrial-b69ffe954c5cd33c57a79a94780eb2ab&scope=financial-api&redirect_uri=https%3A%2F%2Flocalhost%2F

Incorrect Redirect URI

The redirect_uri used in the authorization request is not registered for the API client.

Possible Issues:

  • The redirect_uri may contain a typo or formatting mismatch

  • The redirect_uri must exactly match one of the registered values, including the trailing slash

  • Error Message: Invalid parameter: redirect_uri

  • Details:

    • redirect_uri used: https://localhost
    • Registered redirect URI: https://localhost/

Invalid Scope

One or more requested scopes are invalid or not enabled for the client.

Requirements:

  • Scope names must exactly match the values configured on the server
  • Multiple scopes must be space-delimited before URL encoding

Error URL:

https://localhost/?error=invalid_scope&error_description=Invalid+scopes%3A+financial-api+items+offline_access+orders-api&iss=https%3A%2F%2Fauth.lsk-prod.app%2Frealms%2Fk-series

Example of invalid scope values:

  • financial_api ❌ should be financial-api
  • items-api ❌ should be items

Valid scopes configured for this client include:

  • financial-api
  • orders-api
  • items
  • offline_access
  • staff-api

Incorrect K-Series User Credentials

Possible Issues:

  • Username or password is incorrect
  • Using production credentials in trial (or vice versa)
  • The login credentials are invalid for the selected product

During Token Exchange

Invalid Code Grant

Possible Causes:

  • Authorization code expired (≈15 seconds)
  • Code has already been used
  • Code is malformed or invalid

Response:

{
  "error": "invalid_grant",
  "error_description": "Code not valid"
}

Invalid Client or Invalid Client Credentials

Possible Causes:

  • Missing Authorization header (Basic base64 encoded)
  • Malformed or incorrect client credentials

Response:

{
  "error": "invalid_client",
  "error_description": "Invalid client or Invalid client credentials"
}

Incorrect Redirect URI

Possible Causes:

  • Redirect URI does not exactly match the one used during authorization
  • Redirect URI contains a typo

Response:

{
  "error": "invalid_grant",
  "error_description": "Incorrect redirect_uri"
}

During Refresh Token Exchange

Invalid Refresh Token

Possible Causes:

  • Refresh token expired
  • Refresh token is invalid
  • Refresh token is malformed or contains a typo
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment