More granular error codes for more granular handling

Feature: More granular error codes for more granular handling


When a user authenticates to an application, they are redirected back to the application via the callback URL and sometimes the URL contains error information. For example:|taxbit-okta|00x48yvkflxrzI3PO4d6%20is%20not%20part%20of%20the%20org_x24s789Co19fz0H%20organization&state=XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX%3D%3D

This is fine, but we need an error code (probably in addition to access_denied) that is more specific about why access was denied.


We want to show an error description to the user that is specific to, for example, the not-an-org-member scenario but uses different wording than the error description in the URL. For example, rather than showing:

user okta|example|C00x48yvkflxrzI3PO4d6 is not part of the org_x24s789Co19fz0H

We want to show something like:

Ask an administrator of the organization to add you as a member or log out and log back into a different organization.

The problem is we can’t show our custom error message whenever error=access_denied because access_denied covers a broad array of errors. Likewise, we’d rather not try to determine if error_description is a specific value/pattern, because then we’re dependent on the English phrasing in the description, which may change at any time or may be a different language

Is there a recommended solution for such a case? What I’d really like to see is some sort of finer-grained error code that is specific to the case of the user not being a member of the organization. That would allow us to key off of a stable error code rather than regexing on English phrasing.

Thank you for considering!

Hey there!

Thanks for creating this feedback card! Make sure to upvote it so that it attracts as many community members as possible! We review those feedback cards on a monthly basis so will get back to you once we have any updates!