Common Authentication Errors

The actions or input data of your users, during the sign up or the log in processes, might trigger errors. This article lists the most common errors that you might get, if you use any of the Auth0 libraries for authentication.

Application configurations

Sign up

In the case of a failed signup, the most common errors are:

Error Description
invalid_password If the password used doesn't comply with the password policy for the connection
invalid_signup The user your are attempting to sign up is invalid
password_dictionary_error The chosen password is too common
password_no_user_info_error The chosen password is based on user information
password_strength_error The chosen password is too weak
unauthorized If you cannot sign up for this application. May have to do with the violation of a specific rule
user_exists The user you are attempting to sign up has already signed up
username_exists The username you are attempting to sign up with is already in use

Implementation checklists

Log in

In the case of a failed login, the most common errors are:

Error Description
access_denied When using web-based authentication, the resource server denies access per OAuth2 specifications
invalid_user_password The username and/or password used for authentication are invalid
mfa_invalid_code The OpenID Connect (OIDC)multi-factor authentication (MFA) code provided by the user is invalid/expired
mfa_registration_required The administrator has required multi-factor authentication, but the user has not enrolled
mfa_required The user must provide the multi-factor authentication code to authenticate
password_leaked If the password has been leaked and a different one needs to be used
PasswordHistoryError The password provided for sign up/update has already been used (reported when password history feature is enabled)
PasswordStrengthError The password provided does not match the connection's strength requirements
too_many_attempts The account is blocked due to too many attempts to sign in
unauthorized The user you are attempting to sign in with is blocked