SignoutInitiatorNotParticipant - Sign out has failed. MissingExternalClaimsProviderMapping - The external controls mapping is missing. NgcDeviceIsNotFound - The device referenced by the NGC key wasn't found. Don't attempt to validate or read tokens for any API you don't own, including the tokens in this example, in your code. Specifies how the identity platform should return the requested token to your app. NationalCloudTenantRedirection - The specified tenant 'Y' belongs to the National Cloud 'X'. Contact the app developer. The account must be added as an external user in the tenant first. InvalidRealmUri - The requested federation realm object doesn't exist. When the original request method was POST, the redirected request will also use the POST method. Your application needs to expect and handle errors returned by the token issuance endpoint. You might have to ask them to get rid of the expiration date as well. This exception is thrown for blocked tenants. Developer error - the app is attempting to sign in without the necessary or correct authentication parameters. The client application might explain to the user that its response is delayed because of a temporary condition. SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding. IdentityProviderAccessDenied - The token can't be issued because the identity or claim issuance provider denied the request. The authorization code exchanged for OAuth tokens was malformed. Retry the request. UserDisabled - The user account is disabled. Either an admin or a user revoked the tokens for this user, causing subsequent token refreshes to fail and require reauthentication. The app will request a new login from the user. This error is a development error typically caught during initial testing. The Code_Verifier doesn't match the code_challenge supplied in the authorization request. Authorization code is invalid or expired error SOLVED Go to solution FirstNameL86527 Member 01-18-2021 02:24 PM When I try to convert my access code to an access token I'm getting the error: Status 400. The request requires user consent. The scope requested by the app is invalid. The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime of {time}, which can't be extended. You may need to update the version of the React and AuthJS SDKS to resolve it. So far I have worked through the issues and I have postman as the client getting an access token from okta and the login page comes up, I can login with my user account and then the patient picker . A specific error message that can help a developer identify the root cause of an authentication error. error=invalid_grant, error_description=Authorization code is invalid or InvalidScope - The scope requested by the app is invalid. 2. Typically, the lifetimes of refresh tokens are relatively long.