OpenID Connect checklist

 In case you get an error message when going through the OpenID Flow the checklist below might be beneficial for you. The checklist assumes that you have read the documentation and that you've followed our recommendation on how to send the requests. If you haven't done so, please read it here 

You need to check the following, to ensure you will successfully implement OpenID Connect

Number Checklist

Description of solution

1 Is the  redirect_uri whitelisted?

Have you used a redirect_uri that has been whitelisted at MobilePay? You can only use the redirect_uri that has been whitelisted. If it has not been whitelisted, you should write to in order for it to be whitelisted.

You cannot use an redirect_uri that hasn’t been whitelisted by us. 


 Is the redirect_uri a https?

It should always be https (unless it is local host) otherwise you'll receive an error message



Do you use the same redirect_uri?


The URL’s need to be both on authorize and token requests 


Do you use the correct clientSecret and clientID


You should use the  clientID and ClientSecret from the zip file when getting/renewing access token

You should not use the x-ibm-client-id from the developer portal when doing your OpenID Connect requests. 

5 Do you use the correct scopes?

You should use the following for each product 

  • Invoice invoice transactionreporting openid offline_access 
  • Subscriptions subscriptions transactionreporting openid offline_access 
6 Is the Code Challenge correct?


 The code challenge must be within these requirements:
  • CodeChallengeMinLength = 43
  • CodeChallengeMaxLength = 128

You can see more about the code challenge here

7.  Do you use the code within 5 minutes? The code has a lifetime of 5 minutes and can only be used once.  Successive token requests with the same code will result in error and invalidation of previously accessed tokens. luck? If that doesn't help you, please send us a report, as demonstrated here.


common errors:

invalid_client The specified client ID is invalid
invalid_grant The specified grant is invalid, expired, revoked, or doesn't match the redirect URI used in the authorization request
invalid_request The request is missing a necessary parameter or the parameter has an invalid value
invalid_scope The scopes list contains an invalid or unsupported value 
unsupported_response_type  The specified response type is invalid or unsupported 
unsupported_response_mode The specified response mode is invalid or unsupported.