Depending on the complexity of your authentication setup, you or your users may occasionally encounter errors.
Here are some common error codes and troubleshooting steps.
Description
- Error coming back to Kinde while validating SAML response
Troubleshooting
- Check that the Assertion Consumer Service (ACS) URL is correct on the identity provider
Description
- The OAuth 2.0 response failed
- The token is valid, but the redirect is null
Description
- Error getting or reading the connected app configuration
Description
- Error getting custom SAML config while initializing SAML redirect
Description
- Error with authorization response
- The request is missing a required parameter, includes an invalid parameter value, includes a parameter more than once, or is otherwise malformed
Troubleshooting
- Missing nonce on implicit flow
- Redirect URI might not be with an https
- Only a localhost suffix can be used with http
- Error with workflow
Description
- Error exchanging token on connected app callback
Troubleshooting
- Check the redirect URLs for a mismatch
- Check the client credentials
Description
- Error decoding SAML response
- Response contains invalid characters for Base64 response
Description
- Cannot handle SAML callback
- The userProfile contains invalid values
Description
- OAuth 2.0 response failed because token is invalid and redirect ID is null
Description
- Handle Social OAuth 2.0 callback - error exchanging token
- Expired secrets for social provider
Troubleshooting
- Check the secret being used with your social provider and ensure that it hasn’t expired
Description
- Error reading config on OAuth 2.0 callback
Troubleshooting
- Check that the client credentials in both Kinde and IDP are correct
- Check that the redirect and callback URLs in both Kinde and IDP are correct
Description
- OAuth 2.0 response failed due to an invalid token
- Redirection was successful
Description
- Error configuring SAML provider
Troubleshooting
- Check that the settings in the Kinde enterprise connection are correct
- Check enterprise connection metadata URL, entity ID, certificate
Description
- SAML callback tokenInfo returned invalid data
Description
- Error configuring SAML provider on redirect
Troubleshooting
- Check the enterprise connection metadata URL
- Check that the IDP has the correct ACS URL
Description:
- Received browser trust token is different from the one stored in the login session
Troubleshooting
- Start the auth flow again from the sign in or log in button
- The user is trying to start a session in a new tab, browser, or device when there’s already a partially completed session in progress
- The user may have bookmarked the auth page when it’s partially completed, instead of bookmarking the initial sign in or log in page
Description
- Error getting custom SAML provider configuration
- RelayState is invalid or doesn’t exist
Troubleshooting
- Check the SAML callback URL
- Check the entity ID
- Check that the SAML IDP is returning a valid RelayState
Description
- Error getting authentication request while initializing SAML redirect
Troubleshooting
- Check the enterprise connection private key, certificate, and signature method
Description
- Disposable email detected while authenticating a user on sign up in a workflow
Description
- Error storing tokens with connected app
Troubleshooting
- Check the refresh token is valid