Error Response Format
All Sigma Auth API endpoints return errors in a standardized format following OAuth 2.0 conventions:
{
"error": "error_code",
"error_description": "Human-readable description of the error",
"error_uri": "https://sigmaidentity.com/docs/errors#error_code"
}
HTTP Status Codes
Status Code | Description |
---|---|
200 | Success |
400 | Bad Request - Invalid parameters |
401 | Unauthorized - Authentication required |
403 | Forbidden - Access denied |
404 | Not Found - Resource not found |
429 | Too Many Requests - Rate limit exceeded |
500 | Internal Server Error |
503 | Service Unavailable |
OAuth 2.0 Errors
Authorization Endpoint Errors
invalid_request
{
"error": "invalid_request",
"error_description": "Missing required parameter: client_id"
}
Common causes:
- Missing required parameters (
client_id
,redirect_uri
,response_type
) - Invalid parameter format
- Malformed request
unauthorized_client
{
"error": "unauthorized_client",
"error_description": "Client is not authorized to use this authorization grant type"
}
Common causes:
- Unregistered client ID
- Client not authorized for requested grant type
access_denied
{
"error": "access_denied",
"error_description": "User denied the authorization request"
}
Common causes:
- User clicked "Cancel" or "Deny"
- User failed authentication
- Account suspended
unsupported_response_type
{
"error": "unsupported_response_type",
"error_description": "Response type 'token' is not supported"
}
Common causes:
- Using unsupported response type (only
code
is supported)
invalid_scope
{
"error": "invalid_scope",
"error_description": "Requested scope 'admin' is not available"
}
Common causes:
- Requesting non-existent scope
- Requesting scope not authorized for client
server_error
{
"error": "server_error",
"error_description": "The authorization server encountered an unexpected condition"
}
temporarily_unavailable
{
"error": "temporarily_unavailable",
"error_description": "The authorization server is currently unable to handle the request"
}
Token Endpoint Errors
invalid_request
{
"error": "invalid_request",
"error_description": "Missing required parameter: code"
}
invalid_client
{
"error": "invalid_client",
"error_description": "Client authentication failed"
}
invalid_grant
{
"error": "invalid_grant",
"error_description": "Authorization code is invalid or expired"
}
Common causes:
- Expired authorization code (codes expire after 10 minutes)
- Code already used (codes are single-use)
- Invalid code format
unauthorized_client
{
"error": "unauthorized_client",
"error_description": "Client is not authorized to use this grant type"
}
unsupported_grant_type
{
"error": "unsupported_grant_type",
"error_description": "Grant type 'password' is not supported"
}
invalid_scope
{
"error": "invalid_scope",
"error_description": "Requested scope exceeds authorized scope"
}
Bitcoin Authentication Errors
Signature Verification Errors
invalid_signature
{
"error": "invalid_signature",
"error_description": "Bitcoin signature verification failed"
}
Common causes:
- Invalid signature format
- Signature doesn't match message
- Wrong private key used
invalid_timestamp
{
"error": "invalid_timestamp",
"error_description": "Signature timestamp is too old or too far in the future"
}
Common causes:
- System clock drift
- Replay attack attempt
- Timestamp format errors
invalid_public_key
{
"error": "invalid_public_key",
"error_description": "Public key is not a valid secp256k1 point"
}
Common causes:
- Malformed public key
- Wrong curve (not secp256k1)
- Corrupted key data
missing_auth_token
{
"error": "missing_auth_token",
"error_description": "X-Auth-Token header is required for Bitcoin authentication"
}
malformed_auth_token
{
"error": "malformed_auth_token",
"error_description": "Auth token format is invalid"
}
Expected format: sigma:address:signature_data
API-Specific Errors
User Info Endpoint
invalid_token
{
"error": "invalid_token",
"error_description": "Access token is invalid or expired"
}
insufficient_scope
{
"error": "insufficient_scope",
"error_description": "Token does not have required scope for this resource"
}
Backup Service Errors
backup_not_found
{
"error": "backup_not_found",
"error_description": "No backup found for this user"
}
backup_too_large
{
"error": "backup_too_large",
"error_description": "Backup size exceeds maximum allowed limit of 1MB"
}
invalid_backup_format
{
"error": "invalid_backup_format",
"error_description": "Backup data is not properly formatted"
}
encryption_required
{
"error": "encryption_required",
"error_description": "Backup data must be encrypted before storage"
}
Rate Limiting Errors
rate_limit_exceeded
{
"error": "rate_limit_exceeded",
"error_description": "Too many requests. Please try again later.",
"retry_after": 60
}
Response Headers:
X-RateLimit-Limit: 100
X-RateLimit-Remaining: 0
X-RateLimit-Reset: 1642248600
Retry-After: 60
Provider-Specific Errors
Google OAuth Errors
google_auth_failed
{
"error": "google_auth_failed",
"error_description": "Google authentication was unsuccessful",
"provider_error": "access_denied"
}
GitHub OAuth Errors
github_auth_failed
{
"error": "github_auth_failed",
"error_description": "GitHub authentication was unsuccessful",
"provider_error": "application_suspended"
}
Error Handling Strategies
Client-Side Error Handling
interface SigmaAuthError {
error: string;
error_description: string;
error_uri?: string;
retry_after?: number;
provider_error?: string;
}
class SigmaAuthClient {
async handleError(response: Response): Promise<never> {
const error: SigmaAuthError = await response.json();
switch (error.error) {
case 'rate_limit_exceeded':
const retryAfter = error.retry_after || 60;
throw new RateLimitError(error.error_description, retryAfter);
case 'invalid_grant':
// Authorization code expired or invalid
throw new AuthorizationError(error.error_description);
case 'access_denied':
// User denied access
throw new AccessDeniedError(error.error_description);
case 'invalid_signature':
// Bitcoin signature verification failed
throw new SignatureError(error.error_description);
default:
throw new SigmaAuthError(error.error, error.error_description);
}
}
}
Retry Logic
const retryWithBackoff = async (
operation: () => Promise<Response>,
maxRetries: number = 3
): Promise<Response> => {
for (let attempt = 1; attempt <= maxRetries; attempt++) {
try {
const response = await operation();
if (response.ok) {
return response;
}
if (response.status === 429) {
// Rate limited - check retry-after header
const retryAfter = response.headers.get('retry-after');
const delay = retryAfter ? parseInt(retryAfter) * 1000 : Math.pow(2, attempt) * 1000;
if (attempt < maxRetries) {
await new Promise(resolve => setTimeout(resolve, delay));
continue;
}
}
if (response.status >= 500 && attempt < maxRetries) {
// Server error - retry with exponential backoff
const delay = Math.pow(2, attempt) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
continue;
}
return response;
} catch (error) {
if (attempt === maxRetries) {
throw error;
}
// Network error - retry with exponential backoff
const delay = Math.pow(2, attempt) * 1000;
await new Promise(resolve => setTimeout(resolve, delay));
}
}
throw new Error('Max retries exceeded');
};
Error Recovery
const authenticateWithRecovery = async (provider: string) => {
try {
return await authenticate(provider);
} catch (error) {
if (error instanceof AuthorizationError) {
// Clear stored authorization code and retry
clearStoredAuthCode();
return await authenticate(provider);
}
if (error instanceof SignatureError) {
// Regenerate signature with current timestamp
return await authenticateWithNewSignature(provider);
}
if (error instanceof RateLimitError) {
// Wait for rate limit to reset
await new Promise(resolve =>
setTimeout(resolve, error.retryAfter * 1000)
);
return await authenticate(provider);
}
throw error;
}
};
Debugging Errors
Enable Debug Mode
// Client-side debugging
localStorage.setItem('sigma_debug', 'true');
// This will log additional error details to console
Error Logging
const logError = (error: SigmaAuthError, context: any) => {
const errorData = {
error: error.error,
description: error.error_description,
timestamp: new Date().toISOString(),
context: context,
userAgent: navigator.userAgent,
url: window.location.href
};
// Send to logging service
console.error('Sigma Auth Error:', errorData);
};
Common Debugging Steps
- Check Network Tab: Verify request/response details
- Validate Parameters: Ensure all required parameters are present
- Check Timestamps: Verify system clock is synchronized
- Test with Sandbox: Use sandbox environment for testing
- Verify Signatures: Use debug tools to validate signature generation
Error Prevention
Best Practices
- Validate Input: Check parameters before making API calls
- Handle Timeouts: Implement proper timeout handling
- Store State Securely: Protect OAuth state parameters
- Synchronize Clocks: Ensure accurate timestamps
- Monitor Rate Limits: Track API usage to avoid limits
Pre-flight Validation
const validateAuthRequest = (params: AuthParams): void => {
if (!params.client_id) {
throw new Error('client_id is required');
}
if (!params.redirect_uri) {
throw new Error('redirect_uri is required');
}
if (!isValidUrl(params.redirect_uri)) {
throw new Error('redirect_uri must be a valid HTTPS URL');
}
if (params.provider && !['sigma', 'google', 'github'].includes(params.provider)) {
throw new Error('Invalid provider specified');
}
};
Support
For additional help with errors:
- Documentation: https://sigmaidentity.com/docs
- Support Email: support@sigmaidentity.com
- Discord: https://discord.gg/sigmaauth
- GitHub Issues: https://github.com/b-open-io/sigma-auth/issues