Calling /login Endpoint Directly Results in Error "Missing client parameter"

Problem statement

This article details an issue where users see an increase in the number of failed login attempts with a description message “missing client parameter” and the log message is not clear.


This error occurs when the client is missing when visiting /login.


This can occur if users are hitting /login directly rather than going through /authorize. To avoid this, ensure that applications are only initiating logins via /authorize.

In the case where users may visit /login themselves, this can be solved by configuring a default login route. For more information, refer to Configure Default Login Routes.