Error handling

How to handle user cancellation

The end-user may cancel an ongoing authentication or signing session at any time. The user is then redirected back to the redirect URI provided for the merchant application.

The merchant application must be able to handle this callback and act accordingly.

Upon cancellation, the BankID OIDC will respond with a redirect containing the following query parameters:

?error=access_denied
&state=<some-state>

The state parameter is the same as the one provided in the initial request, and should be used to correlate the initial request and the callback response.

How to handle errors

If an error should happen during an ongoing authentication or signing session, several things might happen:

  • The end-user may be presented with an error message (most likely an error code), and potentially a way to retry or return to the merchant application.
  • If the error happens in the "right conditions", the end-user can be returned to the merchant application. The redirect then goes to the provided redirect URI with the same parameters as when a user cancels.
    • In rare cases, if the situation allows it, an error other than access_denied and an error_description parameter will be returned.
  • Sometimes the error is so severe that the user is stuck on the BankID platform with no way to return to the merchant application.

If a BankID error code is detected, it will be listed in the error_description parameter.

?error=access_denied
&error_description=bankid_error_codes:14ab
&state=<some-state>
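
A merchant-side callback handler for the cancellation and error redirects described above, as an added example that is not BankID's own code. The function name, the outcome labels, the merchant.example URLs and the two allow-list patterns are assumptions made for illustration.

```python
import hmac
import re
from urllib.parse import parse_qs, urlsplit

BANKID_PREFIX = "bankid_error_codes:"       # prefix seen in the sample redirect
CODE_RE = re.compile(r"[0-9A-Za-z]{1,16}")  # assumed allow-list for the code
ERROR_RE = re.compile(r"[a-z_]{1,64}")      # assumed allow-list for `error`


def classify_callback(callback_url, expected_state):
    """Return (outcome, detail) for an error redirect.

    expected_state is the value the merchant stored for this browser
    session when it sent the initial request.
    """
    params = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)
    # A parameter that appears twice is ambiguous, so refuse the callback.
    for name in ("state", "error", "error_description"):
        if len(params.get(name, [])) > 1:
            return ("rejected", "duplicate " + name)
    # Correlate with the initial request before trusting anything else.
    state = params.get("state", [""])[0]
    if not state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        return ("rejected", "state mismatch")
    error = params.get("error", [None])[0]
    if error is None:
        return ("no_error", None)
    # Query values are attacker-controllable: validate before logging or display.
    if not ERROR_RE.fullmatch(error):
        return ("rejected", "malformed error")
    description = params.get("error_description", [""])[0]
    if description.startswith(BANKID_PREFIX):
        code = description[len(BANKID_PREFIX):]
        if CODE_RE.fullmatch(code):
            return ("bankid_error", code)
        return ("rejected", "malformed error code")
    if error == "access_denied":
        # User cancelled, or an error that returns the same parameters.
        return ("denied", None)
    return ("other_error", error)
```

A "rejected" outcome means the callback could not be tied to a request the merchant started, so it should not change the state of any pending session.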