useMtls was set to true but the authorization server's discovery
document does not advertise mtls_endpoint_aliases.
RFC 8705 certificate-bound tokens require that token requests are sent to
the mTLS-specific endpoint. Without mtls_endpoint_aliases in discovery,
the SDK cannot route requests correctly and refuses to proceed rather than
silently issuing non-certificate-bound tokens.
useMtls was set to true alongside a clientSecret or
clientAssertionSigningKey, which are mutually exclusive with mTLS.
mTLS replaces secret-based client authentication entirely. Providing both creates ambiguity and likely indicates a misconfiguration.
useMtls was set to true but no customFetch implementation was provided.
mTLS requires a TLS-aware fetch replacement (e.g. using Node.js undici
with a client certificate) because the standard fetch global has no API
for attaching client certificates. The SDK cannot enforce mTLS without it.
Error codes for mTLS (Mutual TLS) related errors.
These error codes categorize failures that can occur during mTLS configuration or operation.