The base class for errors thrown by API route handlers. It extends AuthError.
Because part of the error message can come from the OpenID Connect
error query parameter we
do some basic escaping which makes sure the default error handler is safe from XSS.
IMPORTANT If you write your own error handler, you should not render the error message without using a templating engine that will properly escape it for other HTML contexts first.
The underlying error, if any.
IMPORTANT When this error is from the Identity Provider (IdentityProviderError) it can contain user input and is only escaped using basic escaping for putting untrusted data directly into the HTML body.
You should not render this error without using a templating engine that will properly escape it for other HTML contexts first.
A machine-readable error code that remains stable within a major version of the SDK. You should rely on this error code to handle errors. In contrast, the error message is not part of the API and can change anytime. Do not parse or otherwise rely on the error message to handle errors.
The error class name.
The HTTP status code, if any.