Rate this page


Authenticator errors

The majority of error states encountered when using the Auth API are resolvable by user action. For example, an end user can resolve an incorrect password error by submitting the correct password.

Errors of this kind are expressed through the success field of the authentication flow response and the status, error, and errorDetail fields of the relevant identity authenticator. Such an error is typically an expected event during authentication processing; therefore, the server uses an HTTP 200 status code as it normally would.

For example, the following is an abbreviated login flow response to an incorrect password:

  "schemas": [
  "meta": {
    "resourceType": "login",
    "location": "https://example.com/authentication/login/ARH5F9B..."
  "followUp": {
    "type": "authorize",
    "$ref": "https://example.com/oauth/authorize/ARH5F9B..."
  "success": false,
  "urn:pingidentity:scim:api:messages:2.0:UsernamePasswordAuthenticationRequest": {
    "username": "horselover",
    "passwordExpiring": false,
    "status": "failure",
    "error": "invalidCredentials"

General errors

Certain error conditions cannot be resolved within the context of the current authentication flow. Such error responses are formatted as SCIM error messages, with a media type of application/json. The HTTP status code will be in the 400 or 500 range.

Field Type Provided? Description
schemas array always SCIM schemas used in the error message. The schemas array will always include the value urn:ietf:params:scim:api:messages:2.0:Error to identify the message as an error.
status number always The HTTP status code of the error. This will always be in the 400 or 500 range.
scimType string An error code defined by RFC 7644, section 3.12.
detail string A human-readable error description.

Example error:

  "schemas": [
  "status": 400,
  "scimType": "invalidValue",
  "detail": "The request has timed out"