List of known errors


The app has set Special:OAuth/verified as a callback URL (a landing page after successful authorization), but the user arrived there without the URL parameters that should have been added to the callback URL after a successful authorization. If this error is shown right after clicking OK in the authorization dialog, that's probably an error with the OAuth server.

E002 / E003

(mwoauth-bad-request-invalid-action / mwoauth-bad-request-invalid-action-contact)
The user has been sent to a non-existent subpage of Special:OAuth. Probably a typo in the code of the OAuth app.


The OAuth request token was not found. This is the OAuth equivalent of a session loss / CSRF error - could be caused by timeout, token reuse, the app omitting some earlier authentication step, or the token store being misconfigured on the server or being unreliable.


The OAuth app is not currently approved by the admins. It might still be awaiting initial approval, or its approval was revoked.


The provided OAuth app ID is not recognized. This is probably a configuration error with the app.


The user is not allowed to use OAuth apps (blocked, using a blocked IP address etc).


The user does not have a central ID. This can happen on wikifarms which use some kind of single sign-on and not all local accounts are attached to a single sign-on account. E.g. in the case of CentralAuth this might mean that the user needs to go through Special:MergeAccount.


The request token has been used already. This is most likely a user error (trying to reload the authorization URL or using back button in the browser).


Trying to authorize with an OAuth/owner-only consumer. Owner-only consumers are pre-authorized so this action makes no sense. This is probably a programming or configuration error with the app.


The app secret is missing from the request. This is probably a programming error with the app.