Error handling

How to handle user cancellation

The end-user may cancel an ongoing authentication or signing session at any time. The user is then redirected back to the redirect URI provided for the merchant application.

The merchant application must be able to handle this callback and act accordingly.

Upon cancellation, BankID OIDC responds with a redirect containing the following query parameters:

  • error=access_denied
  • state=<merchant-state-value-given-in-initial-request>
  • (optional) error_description=bankid_error_codes:C301

The error_description field may contain a list of BankID error codes to help merchants understand which errors occurred in the session.

How to handle errors

If an error occurs during an ongoing authentication or signing session, several things might happen:

  • The end-user may be presented with an error message (most likely an error code), and potentially a way to retry or cancel and return to the merchant application.
    • The error parameter will generally contain access_denied, unless bad/illegal parameters are given in the Authorization Request.
    • In this case, any BankID error codes will be listed in error_description as above.
  • Sometimes the error is so severe that the user is stuck on the BankID platform with no way to return to the merchant application.
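
One way for a merchant application to handle both the cancellation and the error redirect described above, shown as an added example that is not BankID's own code. The function name, the outcome labels, the sample URL and the separator used for a list of codes (commas or whitespace after the bankid_error_codes: prefix) are assumptions made for this example. The state value is checked against the one stored for the session before any other parameter is acted on.

```python
import hmac
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: a list of codes follows the "bankid_error_codes:" prefix,
# separated by commas or whitespace. The page does not specify the separator.
_CODES = re.compile(r"bankid_error_codes:([A-Za-z0-9,\s-]+)")

# Constructed sample callback (merchant.example and the state value are made up).
SAMPLE = ("https://merchant.example/callback?error=access_denied"
          "&state=abc123&error_description=bankid_error_codes%3AC301")


def handle_callback(callback_url, expected_state):
    """Classify a redirect back to the merchant application.

    Returns (outcome, codes). outcome is "state_mismatch", "denied"
    (error=access_denied: cancellation or a session error), "request_error"
    (any other error value) or "no_error". codes is the list of BankID
    error codes found in error_description, possibly empty.
    """
    query = parse_qs(urlsplit(callback_url).query, keep_blank_values=True)

    def single(name):
        values = query.get(name, [])
        # A repeated parameter is ambiguous, so treat it as missing.
        return values[0] if len(values) == 1 else None

    # Reject the callback unless state matches the value sent in the
    # initial request; compare in constant time.
    state = single("state")
    if state is None or not hmac.compare_digest(state.encode(), expected_state.encode()):
        return "state_mismatch", []

    error = single("error")
    if error is None:
        return "no_error", []

    # error_description is optional and comes from the URL: extract the
    # codes for logging, never echo the raw text back to the user.
    match = _CODES.search(single("error_description") or "")
    codes = [c for c in re.split(r"[,\s]+", match.group(1)) if c] if match else []
    return ("denied" if error == "access_denied" else "request_error"), codes


if __name__ == "__main__":
    print(handle_callback(SAMPLE, "abc123"))
```
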