Error Codes
During implementation, you may encounter various errors with the Myinfo API. These can have various causes, such as implementation issues, wrong input or environmental differences.
All Myinfo APIs will return a standard HTTP error code together with an error message. The error code/message may change from time to time, but it can be used for debugging.
Troubleshooting and debugging of the APIs can be done in the following steps.
1. Identify which API is not working and is returning an error from Myinfo Servers (e.g. /authorize, /token, /person). Errors could also occur due to:
   - Connectivity errors (ensure there is no firewall blocking)
   - Incorrect URLs and path parameters
2. Once an error is returned from the Myinfo API, note down the error message and status code and use the table below to debug.
If the issue persists or you are unable to resolve the issue, please submit a request at
Error Code
Error Message
Reason
Remediation
302
Possible to have the following error codes in the 'error' attribute.
invalid_scope : Invalid scope was requested in authorize URL
access_denied: When user did not give consent
400
Invalid parameters sent in authorize URL
404
Invalid client_id sent in authorize URL
Verify if client_id used has been set to live in DPP and correct client_id was passed in url
440
You are not logged in, or your previous session has expired.
Verify session is still valid, expiry of 2mins and also verify that browser is passing session cookie during redirect
500
Unexpected error.
| Error Code | Error Message | Reason | Remediation |
|---|---|---|---|
| 400 | No body found for POST request | Body was not sent in request | Verify body was sent in request |
| 400 | Invalid client_assertion | Missing jti in client_assertion; Missing sub in client_assertion; Invalid sub in client_assertion; Missing aud in client_assertion; Missing iat in client_assertion; Missing exp in client_assertion; Invalid exp in client_assertion; Duplicate client_assertion; Format of client_assertion is incorrect | |
| 400 | Invalid client_assertion_type | Invalid client_assertion_type value passed in | Verify value is "urn:ietf:params:oauth:client-assertion-type:jwt-bearer" |
| 400 | Error Retrieving JWKS | Error retrieving JWKS from Myinfo Servers | Ensure correct JWKS endpoint is configured onto DPP and is a public URL |
| 400 | Invalid JWKS | Missing valid sig key in JWKS; Missing valid enc key in JWKS; JWKS format is incorrect | |
| 400 | Missing DPoP Proof | DPoP Proof JWT is missing in headers | Ensure DPoP Proof JWT is passed in correctly in HTTP headers |
| 400 | Missing {param} from headers | Missing mandatory param in the HTTP header | |
| 400 | Missing {param} from body | Missing mandatory param in the HTTP body | |
| 401 | Unauthorized. | App does not have access to this API | Ensure App is configured correctly and is live on DPP |
| 401 | Invalid DPoP Proof | Missing jkt in DPoP Proof; Invalid jkt in DPoP Proof; Missing htm in DPoP Proof; Invalid htm in DPoP Proof; Missing htu in DPoP Proof; Invalid htu in DPoP Proof; Invalid DPoP Proof JWT format | |
| 401 | Invalid JWS Verification | Signature of DPoP or client_assertion is invalid | Verify private key used to sign client_assertion matches the sig key in JWKS; Verify kid in client_assertion header matches the corresponding kid in JWKS; Verify JWK in DPoP Proof header is the correct public key to verify the private key |
| 404 | Not found. | Invalid client_id passed to API | Verify App is configured correctly on DPP and correct client_id (ensure correct id is used in the correct environment) is used |
| 500 | Internal server error. | Unexpected error. | |
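The claim and key checks behind the Invalid client_assertion, Invalid JWKS and Invalid JWS Verification entries can be run locally before calling /token. The following Python is an added example, not Myinfo's code: the function names and sample values are constructed, "Invalid exp" is assumed to mean non-numeric or already expired, and signatures are not verified.

```python
import base64, json, time

def _b64url_json(part):
    # JWT segments are unpadded base64url; restore padding before decoding.
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def sample_jwt(header, claims):
    # Constructed, unsigned sample (placeholder signature) for exercising the linter only.
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2ln"

def lint_jwks(jwks):
    """Return the 'Invalid JWKS' reasons from the table that apply."""
    keys = jwks.get("keys") if isinstance(jwks, dict) else None
    if not isinstance(keys, list):
        return ["JWKS format is incorrect"]
    problems = []
    if not any(k.get("use") == "sig" and k.get("alg") == "ES256" for k in keys):
        problems.append("Missing valid sig key in JWKS")
    if not any(k.get("use") == "enc" and k.get("alg") == "ECDH-ES+A256KW" for k in keys):
        problems.append("Missing valid enc key in JWKS")
    return problems

def lint_client_assertion(assertion, jwks, now=None):
    """Return problems, worded like the 'Invalid client_assertion' reasons."""
    now = time.time() if now is None else now
    parts = assertion.split(".")
    try:
        header, claims = _b64url_json(parts[0]), _b64url_json(parts[1])
        if len(parts) != 3 or not isinstance(header, dict) or not isinstance(claims, dict):
            raise ValueError
    except (ValueError, IndexError):
        return ["Format of client_assertion is incorrect"]
    problems = [f"Missing {c} in client_assertion"
                for c in ("jti", "sub", "aud", "iat", "exp") if c not in claims]
    exp = claims.get("exp")
    if "exp" in claims and (not isinstance(exp, (int, float)) or exp <= now):
        problems.append("Invalid exp in client_assertion")  # assumed meaning, see lead-in
    # The kid in the header must name one of the sig keys published in the JWKS.
    sig_kids = {k.get("kid") for k in jwks.get("keys", []) if k.get("use") == "sig"}
    if header.get("kid") not in sig_kids:
        problems.append("kid in client_assertion header not found among JWKS sig keys")
    return problems

if __name__ == "__main__":
    jwks = {"keys": [{"kid": "sig-1", "use": "sig", "alg": "ES256"}]}  # constructed
    token = sample_jwt({"alg": "ES256", "kid": "sig-1"}, {"sub": "app", "exp": time.time() + 300})
    print(lint_jwks(jwks), lint_client_assertion(token, jwks))
```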
| Error Code | Error Message | Reason | Remediation |
|---|---|---|---|
| 400 | Invalid Encyption key | Encryption key is of an invalid format | Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES+A256KW' and use = 'enc' |
| 400 | Missing DPoP Proof | DPoP Proof JWT is missing in headers | Ensure DPoP Token is passed in correctly in HTTP headers |
| 400 | Duplicated DPoP-bound access_token | access_token has already been used | access_token is a one time use, ensure a new access_token is retrieved for every API call |
| 400 | Missing {param} from query parameters | Missing mandatory param in the query parameters | |
| 400 | Missing {param} from headers | Missing mandatory param in the HTTP headers | |
| 401 | Invalid DPoP Proof | Missing ath in DPoP Proof; Invalid ath in DPoP Proof; Missing jkt in DPoP Proof; Invalid jkt in DPoP Proof; Missing htm in DPoP Proof; Invalid htm in DPoP Proof; Missing htu in DPoP Proof; Invalid htu in DPoP Proof; Invalid DPoP Proof JWT format | |
| 403 | DPoP-bound access_token aud doesn't match with requested url | access_token aud does not match resource being called | Verify correct access_token matching service being called is used |
| 403 | DPoP-bound access_token realm doesn't match with requested realm | access_token realm does not match resource being called | Verify correct access_token matching service being called is used |
| 403 | DPoP-bound access_token subject doesn't match with requested sub | access_token sub does not match uuid being requested in API | Verify the same uuid is requested as provided in access_token |
| 403 | DPoP-bound access_token scope doesn't match with requested attributes | access_token scope does not match scope being requested in API | Verify the same scope is requested as provided in access_token |
| 403 | DPoP-bound access_token invalid | access_token is of an invalid format | Verify the access_token passed in API request is correct and from /token response |
| 404 | | Requested sub's data may not be available | Verify the access_token passed in API request is correct and from /token response |
| 500 | Internal server error. | Unexpected error. | |
Verify querystring parameters are correct as per specifications.

Verify client_assertion format is correct as per specifications.
Utilize
Ensure client_assertion signature is correct (it needs to be signed with the private key corresponding to the sign key configured in JWKS).
Ensure client_assertion is used only once per transaction.

Ensure JWKS is returned as a JSON object with this format
Ensure JWKS has at least 1 sign key with alg = 'ES256' and use = 'sig'.
Ensure JWKS has at least 1 encryption key with alg = 'ECDH-ES+A256KW' and use = 'enc'.
Utilize

Verify specified mandatory param is passed in the HTTP header as per specifications.

Verify DPoP Token format is correct as per specifications.
Utilize
Ensure DPoP signature is correct (it needs to be signed with the private key corresponding to the public key embedded in the JWT header).

Verify specified mandatory param is passed in the query parameters as per specifications.

Verify DPoP Token format is correct as per specifications.
Utilize
Ensure DPoP signature is correct (it needs to be signed with the private key corresponding to the public key embedded in the JWT header).
Ensure DPoP is signed with the same private key used to create DPoP in /token call.
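The htm, htu and ath reasons listed under Invalid DPoP Proof, and the requirement to reuse the /token key, can be checked on a proof before it is sent to /person. The following Python is an added example, not Myinfo's code: it applies the RFC 9449 rules for htu (no query or fragment) and ath, and the RFC 7638 thumbprint for EC keys, assuming Myinfo follows them. All names and sample values are constructed, the key-mismatch message is this example's own wording, and signatures are not verified.

```python
import base64, hashlib, json
from urllib.parse import urlsplit

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def jwk_thumbprint(jwk):
    # RFC 7638 for EC keys: required members only, sorted, no whitespace, SHA-256.
    canon = json.dumps({k: jwk[k] for k in ("crv", "kty", "x", "y")},
                       separators=(",", ":"), sort_keys=True)
    return b64url(hashlib.sha256(canon.encode()).digest())

def lint_dpop_proof(proof, method, url, access_token, token_jkt):
    """Check a DPoP proof against the request it accompanies; return problems found."""
    parts = proof.split(".")
    try:
        header, claims = (json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
                          for p in parts[:2])
        if len(parts) != 3 or header.get("typ") != "dpop+jwt" or not isinstance(claims, dict):
            raise ValueError
    except (ValueError, AttributeError):
        return ["Invalid DPoP Proof JWT format"]
    u = urlsplit(url)
    want = {
        "htm": method.upper(),
        "htu": f"{u.scheme}://{u.netloc}{u.path}",  # query string and fragment excluded
        "ath": b64url(hashlib.sha256(access_token.encode("ascii")).digest()),
    }
    problems = []
    for name, value in want.items():
        if name not in claims:
            problems.append(f"Missing {name} in DPoP Proof")
        elif claims[name] != value:
            problems.append(f"Invalid {name} in DPoP Proof")
    jwk = header.get("jwk")
    if not isinstance(jwk, dict) or any(k not in jwk for k in ("crv", "kty", "x", "y")):
        problems.append("Invalid DPoP Proof JWT format")
    elif jwk_thumbprint(jwk) != token_jkt:
        problems.append("DPoP key differs from the key used at /token")
    return problems

if __name__ == "__main__":
    # Constructed sample values; x and y are placeholders, not a real key.
    jwk = {"kty": "EC", "crv": "P-256", "x": "eA", "y": "eQ"}
    url = "https://api.example.invalid/person/1234?scope=name"
    seg = lambda o: b64url(json.dumps(o).encode())
    proof = seg({"typ": "dpop+jwt", "alg": "ES256", "jwk": jwk}) + "." + seg({"htm": "GET"}) + ".c2ln"
    print(lint_dpop_proof(proof, "GET", url, "constructed-token", jwk_thumbprint(jwk)))
```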