Error Handling
If an error occurs during OpenID Connect processing, an exception is thrown.
For example, if an invalid client ID is received, an InvalidClientException is thrown.
To manage OpenID exceptions securely and effectively, treat all exceptions uniformly rather than handling specific types separately.
This approach helps to:
- Protect sensitive information and prevent attackers from gaining insights into your application.
- Simplify code maintenance by avoiding multiple, complex exception-handling branches.
- Provide a consistent user experience by showing a generic error page rather than exposing technical details.
Recommended handling steps:
- Log the exception for troubleshooting.
- Display a generic error page to the user, suggesting they try again.
- Understand the cause. Exceptions often indicate a configuration issue. If SSO was previously working, the problem may be due to changes at the client rather than an issue in your application.
Note: The generic error page should never expose technical details, exception messages, or stack traces, as these could reveal sensitive information about your application or OpenID configuration.
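The following is an added example, not code from this page's product or its OpenID Connect library, showing the uniform handling described above in C#: one catch block for every exception type, full detail written to a server-side log under a correlation id, and a generic error model for the user that carries only that id. The `OidcProcessor` class, the `ErrorPageModel` class, the `ServerLog` list and the local definition of `InvalidClientException` (a stand-in for the library's real type, whose namespace is not given here) are all assumptions constructed for this example.

```csharp
// Added example (not the project's own code): uniform handling of OpenID Connect
// exceptions. OidcProcessor, ErrorPageModel, ServerLog and this local
// InvalidClientException are assumptions constructed for the example.
using System;
using System.Collections.Generic;

// Stand-in for the library's exception type; the real one comes from the OIDC library.
public class InvalidClientException : Exception
{
    public InvalidClientException(string message) : base(message) { }
}

// Hypothetical OIDC processing step that may throw.
public static class OidcProcessor
{
    // Constructed sample of registered client IDs.
    public static readonly HashSet<string> KnownClients = new HashSet<string> { "web-portal" };

    public static string Process(string clientId)
    {
        if (!KnownClients.Contains(clientId))
            throw new InvalidClientException($"Unknown client_id '{clientId}'");
        return "authenticated:" + clientId;
    }
}

// What the user sees: no exception type, message or stack trace, only a correlation id
// they can quote to support, plus a generic suggestion to try again.
public sealed class ErrorPageModel
{
    public string CorrelationId { get; set; }
    public string Message { get; set; } = "Sign-in could not be completed. Please try again.";
}

public static class OidcErrorHandling
{
    // Server-side log sink, constructed for the example; a real app uses its logging framework.
    public static readonly List<string> ServerLog = new List<string>();

    public static (bool Success, string Result, ErrorPageModel Error) HandleSignIn(string clientId)
    {
        try
        {
            return (true, OidcProcessor.Process(clientId), null);
        }
        catch (Exception ex) // uniform: no per-type branches, so nothing type-specific leaks
        {
            var correlationId = Guid.NewGuid().ToString("N");

            // Full detail (type, message, stack trace) stays server-side, keyed by the id.
            ServerLog.Add(
                $"[{correlationId}] OIDC failure: {ex.GetType().Name}: {ex.Message}" +
                Environment.NewLine + ex.StackTrace);

            // The user-facing model deliberately carries none of that detail.
            return (false, null, new ErrorPageModel { CorrelationId = correlationId });
        }
    }
}
```

A call such as `OidcErrorHandling.HandleSignIn("unknown-app")` lands in the catch block, appends one entry containing the `InvalidClientException` detail to `ServerLog`, and returns an `ErrorPageModel` whose only variable content is the correlation id. Because the catch clause names `Exception`, a later configuration problem that surfaces as a different exception type is handled the same way without a code change, and the id printed on the generic page is what lets an operator find the matching log entry when diagnosing whether the cause lies in the application or in a change at the client.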