Error handling
How to handle user cancellation
The end-user may cancel an ongoing authentication or signing session at any time. The user is then redirected back to the redirect URI provided for the merchant application.
The merchant application must be able to handle this callback and act accordingly.
Upon cancellation, BankID OIDC responds with a redirect containing the following query parameters:
?error=access_denied
&state=<some-state>
The state parameter is the same as the one provided in the initial request, and should be used to correlate the initial request and the callback response.
How to handle errors
If an error occurs during an ongoing authentication or signing session, several things might happen:
- The end-user may be presented with an error message (most likely an error code), and potentially a way to retry or return to the merchant application.
- If the error happens in the "right conditions", the end-user can be returned to the merchant application. The redirect then goes to the provided redirect URI with the same parameters as when a user cancels.
  - In rare cases, a different error than access_denied and an error_description parameter will be returned, if the situation allows it.
- Sometimes the error is so severe that the user is stuck on the BankID platform with no way to return to the merchant application.
If a BankID error code is detected, it will be listed in the error_description parameter.
?error=access_denied
&error_description=bankid_error_codes:14ab
&state=<some-state>
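
A sketch of how a merchant callback handler might classify the redirects described above. This is an added example, not BankID's own code. The function names, the outcome labels and the merchant.example URLs are assumptions, and the value after the bankid_error_codes: prefix is treated as an opaque string because the page does not define its format further.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Prefix as it appears in the error_description example on this page.
BANKID_PREFIX = "bankid_error_codes:"


def _safe(value, limit=64):
    """Drop non-printable characters and truncate before logging or display."""
    return "".join(c for c in value if c.isprintable())[:limit]


def classify_callback(callback_url, expected_state):
    """Classify a redirect back to the merchant. Returns (outcome, detail).

    expected_state is the value the merchant stored when it started the
    session. Outcome labels are hypothetical names chosen for this example.
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    # A parameter that appears twice is ambiguous; refuse rather than guess.
    if any(len(values) > 1 for values in params.values()):
        return ("rejected", "duplicate parameter")

    def first(name):
        return params.get(name, [None])[0]

    # Correlate the callback with the initial request before trusting it.
    state = first("state")
    if state is None or not hmac.compare_digest(
        state.encode(), expected_state.encode()
    ):
        return ("rejected", "state mismatch")

    error = first("error")
    if error is None:
        # Not a cancel/error redirect; leave it to the normal flow.
        return ("not_an_error", None)

    description = first("error_description") or ""
    if description.startswith(BANKID_PREFIX):
        return ("bankid_error", _safe(description[len(BANKID_PREFIX):]))

    if error == "access_denied":
        # A user cancel and a returned error share these parameters.
        return ("cancelled_or_returned", None)

    # The rare case: a different error value came back.
    return ("other_error", _safe(error))
```

Because a plain access_denied covers both a user cancel and an error where the user could be returned, the handler cannot tell the two apart and should present a neutral message with a way to retry.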