Common Authentication Errors
The actions or input data of your users, during the sign up or the log in processes, might trigger errors. This article lists the most common errors that you might get, if you use any of the Auth0 libraries for authentication.
Sign up
In the case of a failed signup, the most common errors are:
Error | Description |
---|---|
user_exists | The user you are attempting to sign up has already signed up |
username_exists | The username you are attempting to sign up with is already in use |
unauthorized | If you cannot sign up for this application. May have to do with the violation of a specific rule |
invalid_password | If the password used doesn't comply with the password policy for the connection |
password_dictionary_error | The chosen password is too common |
password_no_user_info_error | The chosen password is based on user information |
password_strength_error | The chosen password is too weak |
Log in
In the case of a failed login, the most common errors are:
Error | Description |
---|---|
unauthorized | The user you are attempting to sign in with is blocked |
too_many_attempts | The account is blocked due to too many attempts to sign in |
password_leaked | If the password has been leaked and a different one needs to be used |
mfa_required | The user must provide the multifactor authentication code to authenticate |
mfa_registration_required | The administrator has required multifactor authentication, but the user has not enrolled |
mfa_invalid_code | The multifactor authentication code provided by the user is invalid/expired |
PasswordStrengthError | The password provided does not match the connection's strength requirements |
PasswordHistoryError | The password provided for sign up/update has already been used (reported when password history feature is enabled) |
invalid_user_password | The username and/or password used for authentication are invalid |
access_denied | When using web-based authentication, the resource server denies access per OAuth2 specifications |