Common errors

This section describes common errors that may be returned by the Authentication service.

SDK error codes

ClientInvalidUserState Returned when the player is not in the expected state. For example, calling SignOut when the player is already signed out will result in this error.

ClientNoActiveSession Returned when trying to sign in with a session token while there is no cached session token. Refer to the Session management and PlayerPrefs sections for more information on how and where a session token is saved.

ClientUnlinkExternalIdNotFound Returned when a player tries to unlink a social account but no external ID for that provider is found for the account. This could be because the player info has not been loaded.

ClientInvalidProfile Returned when a player tries to switch profile but the profile name is invalid. Refer to the Profile management section for more information.

InvalidParameters Returned when a parameter is missing or not in the right format.

AccountAlreadyLinked Returned when a player tries to link a social account that is already linked with another player.

AccountLimitExceeded Returned when a player tries to link a social account but this player has already reached the limit of links for that account type. Social platform account linking is typically limited to one link per platform type per player.

InvalidSessionToken Returned when the session token is invalid.

BannedUser Returned when the request was understood but the user has been banned from logging in.

EnvironmentMismatch Returned when there is a mismatch between the requested environment and the one configured.

API error responses

Any errors returned by the service API are in the RFC 7807 format. For more details, refer to the RFC 7807 documentation.

When using the SDK, these errors will be logged to the console and can provide additional insights for debugging.

  • status: This is the HTTP status code.
  • title: This is a custom error code defined by the Authentication Service.
  • detail: This is a human readable message that may include details about what the issue is. This field is intended for debugging purposes during development.

For error code paths, only determine the subsequent action using the status or title fields. Do not use the detail field to determine subsequent code paths.

If the status is in the 400-499 range, it is likely the error is on the client and most likely there are steps you can take to rectify the issue, be it in the API calls to Unity Authentication or in the authentication via Platform specific providers. Please check the API inputs to make sure they are correct.

By looking at the detail field you can find further description at the issue at hand. Below you can find the most common errors by description and the steps you can take to try and fix them.

Detail:

  • token is expired
  • not valid yet
  • token issued at claim is in the future

Description: These errors indicate that the token is not valid at this current moment, whether it’s because the token was issued for a time period later or earlier than now.

Steps to fix:

  1. Refresh the external token
  2. Sign in or link again.

Detail:

  • invalid audience

Description: This usually applies to ID Token based authentication. It indicates there is a mismatch between the application or client ID you registered with Unity Authentication and the application ID listed on the token, which is usually in the audience field.

Steps to fix:

  1. Check the Identity Providers section for the relevant ID provider and take note of the expected format for the application or client ID.
  2. Verify if the application or client ID you registered within Unity Authentication in the Editor Settings page or Unity Cloud Dashboard matches the one from your identity provider.

Note: Sometimes the ID Provider provides multiple application ids in different formats, and inputting the incorrect type will lead to this error.

Detail:

  • invalid issuer
  • invalid signature

Description: These errors indicate that the ID token was not issued by the expected source.

Steps to fix:

  1. Verify how and where the ID token was fetched from, and if it matches what Unity Authentication supports.

Detail:

  • malformed token
  • validation failed
  • invalid token

Description: This indicates there was some issue with the token input.

Steps to fix:

  1. Verify if the token is the expected token type for the ID Provider.
  2. Verify if the token is manipulated in any way after fetching it from the ID Provider. Generally speaking, tokens should not be manipulated.
  3. Get a new token.

Android-specific errors

Android Network Error SSL CA certificate Error. Only TLS version 1.2 and above are supported for Android devices. TLS 1.2 is supported by Android API levels 16+ and enabled by default on 20+.

Unity logo Documentation
Copyright © 2025 Unity Technologies
"Unity", Unity logos, and other Unity trademarks are trademarks or registered trademarks of Unity Technologies or its affiliates in the U.S. and elsewhere (more info here). Other names or brands are trademarks of their respective owners.