
Overview

This document provides further information about the errors that the Okta API returns. The first table is listed by error code, and the second table is listed by HTTP return code.

Okta Error Codes Listed by Error Code

Error Code Description HTTP Return Code
E0000001 API validation failed. 400
E0000002 The request was not valid. 400
E0000003 The request body was not well-formed. 400
E0000004 Authentication failed. 401
E0000005 Invalid session. 403
E0000006 You do not have permission to perform the requested action. 403
E0000007 Not found. 404
E0000008 The requested path was not found. 404
E0000009 Internal Server Error. 500
E0000010 Service is in read-only mode. 503
E0000011 Invalid token provided. 401
E0000012 Unsupported media type. 404
E0000013 Invalid client app ID. 403
E0000014 Update of credentials failed. 403
E0000015 You do not have permission to access the feature you are requesting. 401
E0000016 Activation failed because the user is already active. 403
E0000017 Password reset failed. 403
E0000018 Bad request. Accept and/or Content-Type headers are likely not set. 400
E0000019 Bad request. Accept and/or Content-Type headers likely do not match supported values. 400
E0000020 Bad request. 400
E0000021 Bad request. Accept and/or Content-Type headers likely do not match supported values. 400
E0000022 The endpoint does not support the provided HTTP method. 404
E0000023 Operation failed because user profile is mastered under another system. 403
E0000024 Bad request. This operation on app metadata is not yet supported. 400
E0000025 App version assignment failed. 400
E0000026 This endpoint has been deprecated. 404
E0000027 Bad group push request. 400
E0000028 The request is missing a required parameter. 400
E0000029 Invalid paging request. Ensure the pagination cursor has not been altered. 400
E0000030 Bad request. Invalid date. Dates must be of the form yyyy-MM-dd''T''HH:mm:ss.SSSZZ, e.g. 2013-01-01T12:00:00.000-07:00. 400
E0000031 Bad request. Invalid filter parameter. 400
E0000032 Unlock is not allowed for this user. 403
E0000033 Bad request. Can’t specify a search query and filter in the same request. 400
E0000034 Forgot password not allowed on specified user. 403
E0000035 Change password not allowed on specified user. 403
E0000036 Change recovery question not allowed on specified user. 403
E0000037 Type mismatch exception. 400
E0000038 This operation is not allowed in the user’s current status. 403
E0000039 Operation on application settings failed. 403
E0000040 Application label must not be the same as an existing application label. 400
E0000041 Credentials should not be set on this resource based on the scheme. 400
E0000042 Setting the error page redirect URL failed. 403
E0000043 Self-service application assignment is not enabled. 403
E0000044 Self-service application assignment is not supported. 403
E0000045 Field mapping bad request. 400
E0000046 Deactivate application for user forbidden. 403
E0000047 API call exceeded rate limit due to too many requests. 429
E0000048 Entity not found exception. 404
E0000049 Invalid SCIM data from SCIM implementation. 500
E0000050 Invalid SCIM data from client. 400
E0000051 No response from SCIM implementation. 500
E0000052 Endpoint not implemented. 501
E0000053 Invalid SCIM filter. 400
E0000054 Invalid pagination properties. 400
E0000055 Duplicate group. 409
E0000056 Delete application forbidden. 403
E0000057 Access to this application is denied due to a policy. 403
E0000058 Access to this application requires MFA. 403
E0000059 The connector configuration could not be tested. Make sure that the URL and Authentication Parameters are correct, and that there is an implementation available at the URL provided. 500
E0000060 Unsupported operation. 404
E0000061 Tab error. 403
E0000063 Invalid combination of parameters specified. 400
E0000064 Password is expired and must be changed. 401
E0000069 User Locked. 403
E0000081 Cannot modify the test attribute because it is a reserved attribute for this application. 400
E0000109 An SMS message was recently sent. Please wait 30 seconds before trying again. 429
E0000112 Cannot update this user because they are still being activated. Please try again in a few minutes. 409

Okta Error Codes Listed by HTTP Return Code

HTTP Return Code Error Code Description
400 E0000001 API validation failed.
400 E0000002 The request was not valid.
400 E0000003 The request body was not well-formed.
400 E0000018 Bad request. Accept and/or Content-Type headers are likely not set.
400 E0000019 Bad request. Accept and/or Content-Type headers likely do not match supported values.
400 E0000020 Bad request.
400 E0000021 Bad request. Accept and/or Content-Type headers likely do not match supported values.
400 E0000024 Bad request. This operation on app metadata is not yet supported.
400 E0000025 App version assignment failed.
400 E0000027 Bad group push request.
400 E0000028 The request is missing a required parameter.
400 E0000029 Invalid paging request.
400 E0000030 Bad request. Invalid date. Dates must be of the form yyyy-MM-dd''T''HH:mm:ss.SSSZZ, e.g. 2013-01-01T12:00:00.000-07:00.
400 E0000031 Bad request. Invalid filter parameter.
400 E0000033 Bad request. Can't specify a search query and filter in the same request.
400 E0000037 Type mismatch exception.
400 E0000040 Application label must not be the same as an existing application label.
400 E0000041 Credentials should not be set on this resource based on the scheme.
400 E0000045 Field mapping bad request.
400 E0000050 Invalid SCIM data from client.
400 E0000053 Invalid SCIM filter.
400 E0000054 Invalid pagination properties.
400 E0000063 Invalid combination of parameters specified.
400 E0000081 Cannot modify the test attribute because it is a reserved attribute for this application.
401 E0000004 Authentication failed.
401 E0000011 Invalid token provided.
401 E0000015 You do not have permission to access the feature you are requesting.
401 E0000064 Password is expired and must be changed.
403 E0000005 Invalid session.
403 E0000006 You do not have permission to perform the requested action.
403 E0000013 Invalid client app ID.
403 E0000014 Update of credentials failed.
403 E0000016 Activation failed because the user is already active.
403 E0000017 Password reset failed.
403 E0000023 Operation failed because user profile is mastered under another system.
403 E0000032 Unlock is not allowed for this user.
403 E0000034 Forgot password not allowed on specified user.
403 E0000035 Change password not allowed on specified user.
403 E0000036 Change recovery question not allowed on specified user.
403 E0000038 This operation is not allowed in the user's current status.
403 E0000039 Operation on application settings failed.
403 E0000042 Setting the error page redirect URL failed.
403 E0000043 Self-service application assignment is not enabled.
403 E0000044 Self-service application assignment is not supported.
403 E0000046 Deactivate application for user forbidden.
403 E0000056 Delete application forbidden.
403 E0000057 Access to this application is denied due to a policy.
403 E0000058 Access to this application requires MFA.
403 E0000061 Tab error.
403 E0000069 User Locked.
404 E0000007 Not found.
404 E0000008 The requested path was not found.
404 E0000012 Unsupported media type.
404 E0000022 The endpoint does not support the provided HTTP method.
404 E0000026 This endpoint has been deprecated.
404 E0000048 Entity not found exception.
404 E0000060 Unsupported operation.
409 E0000055 Duplicate group.
409 E0000112 Cannot update this user because they are still being activated. Please try again in a few minutes.
429 E0000047 API call exceeded rate limit due to too many requests.
429 E0000109 An SMS message was recently sent. Please wait 30 seconds before trying again.
500 E0000009 Internal Server Error.
500 E0000049 Invalid SCIM data from SCIM implementation.
500 E0000051 No response from SCIM implementation.
500 E0000059 The connector configuration could not be tested. Make sure that the URL and Authentication Parameters are correct, and that there is an implementation available at the URL provided.
501 E0000052 Endpoint not implemented.
503 E0000010 Service is in read-only mode.

OpenID Connect and Okta Social Authentication

In situations where Okta needs to pass an error to a downstream application via a redirect_uri, the error code and description will be encoded as the query parameters error and error_description.

For example, if the redirect_uri is https://example.com, then the ACCESS_DENIED error would be passed as follows:

https://example.com?error=access_denied&error_description=The%20resource%20owner%20or%20authorization%20server%20denied%20the%20request.

error error_description
unauthorized_client The client is not authorized to request an authorization code using this method.
access_denied The resource owner or authorization server denied the request.
unsupported_response_type The authorization server does not support obtaining an authorization code using this method.
unsupported_response_mode The authorization server does not support the requested response mode.
invalid_scope The requested scope is invalid, unknown, or malformed.
server_error The authorization server encountered an unexpected condition that prevented it from fulfilling the request.
temporarily_unavailable The authorization server is currently unable to handle the request due to a temporary overloading or maintenance of the server.
invalid_client The specified client is not valid.
login_required The client specified not to prompt, but the user is not logged in.
invalid_request The request parameters are not valid.
user_canceled_request User canceled the social login request.
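
Because error and error_description arrive as query parameters on the redirect_uri, the downstream application should treat both as untrusted input: anyone can craft a link to that URI. The following is an added example, not code from Okta, of a callback parser that accepts only the error values listed above and makes the description safe to log and render; the function name, the "unrecognized_error" token and the length cap are assumptions made for this example.

```python
import html
from urllib.parse import parse_qs, urlsplit

# The error values listed in the table on this page.
KNOWN_ERRORS = frozenset({
    "unauthorized_client", "access_denied", "unsupported_response_type",
    "unsupported_response_mode", "invalid_scope", "server_error",
    "temporarily_unavailable", "invalid_client", "login_required",
    "invalid_request", "user_canceled_request",
})
MAX_DESCRIPTION = 256  # assumption: cap chosen for this example


def parse_callback_error(callback_url):
    """Return None when the callback carries no error, otherwise a dict
    whose values are safe to log and to place in an HTML page."""
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    codes = query.get("error", [])
    if not codes:
        return None
    # Require exactly one value from the documented list; anything else
    # collapses to a fixed token so the raw value never reaches logs or HTML.
    if len(codes) == 1 and codes[0] in KNOWN_ERRORS:
        code = codes[0]
    else:
        code = "unrecognized_error"
    descriptions = query.get("error_description", [])
    raw = descriptions[0] if len(descriptions) == 1 else ""
    # Drop control characters (CR/LF would forge log lines) and bound length.
    text = "".join(ch for ch in raw if ch.isprintable())[:MAX_DESCRIPTION]
    return {
        "error": code,
        "description_for_log": text,
        "description_for_html": html.escape(text, quote=True),
    }


# Constructed inputs: the page's example URL and a tampered variant.
PAGE_EXAMPLE = ("https://example.com?error=access_denied&error_description="
                "The%20resource%20owner%20or%20authorization%20server"
                "%20denied%20the%20request.")
TAMPERED = ("https://example.com?error=access_denied%0d%0aforged"
            "&error_description=%3Cb%3Ehi%3C%2Fb%3E%0d%0aline2")

if __name__ == "__main__":
    print(parse_callback_error(PAGE_EXAMPLE))
    print(parse_callback_error(TAMPERED))
```
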