Direct Auth and OAuth methods in @authrim/web return an AuthResponse<T> — a discriminated union that makes error handling type-safe and consistent:
| { data : T ; error : null }
| { data : null ; error : AuthError };
For these methods, check error first, then use data:
const { data , error } = await auth . passkey . login ();
console . error (error . message );
// TypeScript knows data is non-null here
Protected-resource helpers such as auth.stepUp, auth.customerProfiles, auth.devices, and auth.fetch() call HTTP APIs directly. Use try/catch around those methods when you need to handle request failures.
/** Authrim error code (e.g., 'AR003002') */
/** OAuth 2.0 error code (e.g., 'user_cancelled') */
/** Human-readable error message */
/** Whether the operation can be retried */
/** Error severity level */
severity : ' info ' | ' warn ' | ' error ' | ' critical ' ;
Error codes follow the pattern AR{domain}{number}:
Prefix Domain Examples AR001Session / Auth Session errors AR002Email Code Send/verify errors AR003Passkey (WebAuthn) Ceremony errors AR004Social Login Provider/callback errors AR005OAuth / OIDC Token/callback errors
Level Meaning Typical Action infoExpected state (e.g., not authenticated) Update UI normally warnRecoverable issue (e.g., silent auth failed) Log and continue errorFailed operation (e.g., invalid code) Show error message criticalUnexpected failure (e.g., server error) Show error + suggest retry
showMessage ( ' Something went wrong. Please try again. ' );
showMessage (error . message );
// Don't offer retry — issue needs user action
const { data , error } = await auth . passkey . login ();
showErrorMessage (error . message );
const { data , error } = await auth . emailCode . verify (email , code);
await auth . emailCode . send (email);
showMessage ( ' Code expired. A new code has been sent. ' );
showMessage ( ' Incorrect code. Please try again. ' );
showMessage ( ' Too many attempts. Please wait before trying again. ' );
showMessage (error . message );
function handleAuthError ( error : AuthError ) {
switch (error . severity ) {
// Not really an error — expected state
console . log (error . message );
// Recoverable — log but don't alert
console . warn ( ` [ ${ error . code } ] ${ error . message } ` );
showToast (error . message , ' error ' );
// Show prominently + log for debugging
showAlert (error . message );
async function loginWithRetry ( maxRetries = 2 ) {
for ( let attempt = 0 ; attempt <= maxRetries; attempt ++ ) {
const { data , error } = await auth . passkey . login ();
if ( ! error . retryable || attempt === maxRetries) {
showMessage (error . message );
// Brief delay before retry
await new Promise ( resolve => setTimeout (resolve , 1000 ));
Code Error Retryable Description AR003000passkey_errorVaries General passkey error AR003001webauthn_not_supportedNo Browser does not support WebAuthn AR003002user_cancelledYes User cancelled the ceremony AR003003credential_not_foundNo No matching credential AR003004authenticator_errorYes Authenticator device error AR003005server_validation_failedYes Server rejected the credential
Code Error Retryable Description AR002000email_code_errorVaries General email code error AR002001invalid_emailNo Invalid email format AR002002rate_limitedNo Too many send requests AR002003code_expiredNo Verification code expired AR002004invalid_codeYes Wrong code entered AR002005max_attemptsNo Too many failed verifications
Code Error Retryable Description AR004001provider_not_configuredNo Provider not set up AR004002popup_blockedNo Browser blocked the popup AR004003user_deniedYes User denied consent AR004004provider_errorYes Provider returned an error AR004005callback_failedNo Callback validation failed
Code Error Retryable Description AR005001oauth_callback_errorNo Callback handling failed AR005002silent_auth_failedNo Silent authentication failed AR005003no_tokensNo No tokens received AR005004popup_login_errorYes Popup login failed
Create a reusable error handler for your application:
function handleError ( error : AuthError , context : string ) {
console . error ( ` [ ${ context } ] ${ error . code } : ${ error . message } ` );
if (error . severity === ' critical ' ) {
showAlert ( ' An unexpected error occurred. Please try again later. ' );
} else if (error . severity === ' error ' ) {
showToast (error . message );
trackError ({ code: error . code , context , severity: error . severity });
const { data , error } = await auth . passkey . login ();
handleError (error, ' passkey-login ' );