The base class for errors thrown by API route handlers. It extends AuthError.

Because part of the error message can come from the OpenID Connect error query parameter we do some basic escaping which makes sure the default error handler is safe from XSS.

IMPORTANT If you write your own error handler, you should not render the error message without using a templating engine that will properly escape it for other HTML contexts first.

See

  • the cause property contains the underlying error. IMPORTANT When this error is from the Identity Provider (IdentityProviderError) it can contain user input and is only escaped using basic escaping for putting untrusted data directly into the HTML body. You should not render this error without using a templating engine that will properly escape it for other HTML contexts first.
  • the status property contains the HTTP status code of the error, if any.

Hierarchy

Constructors

Properties

Constructors

Properties

cause?: Error

The underlying error, if any.

IMPORTANT When this error is from the Identity Provider (IdentityProviderError) it can contain user input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.

You should not render this error without using a templating engine that will properly escape it for other HTML contexts first.

code: string

A machine-readable error code that remains stable within a major version of the SDK. You should rely on this error code to handle errors. In contrast, the error message is not part of the API and can change anytime. Do not parse or otherwise rely on the error message to handle errors.

name: string

The error class name.

status?: number

The HTTP status code, if any.