Difference between error codes 3001101 and 0000010


Article ID: 440645


Updated On:

Products

Symantec Identity Security Platform - IDSP (formerly VIP Authentication Hub)

Issue/Introduction

When you integrate with the FIDO or Push APIs, you encounter error codes that are either missing from documentation or require clarification regarding their usage in the current version of the platform.

You see one of the following errors:

  • 3001101 Invalid Flow State Id
  • {"errorCode": "0000010", "errorMessage": "Invalid X-Flow-State header"}

Environment

IDSP 4.0.1

Cause

These errors stem from legacy mechanisms or from specific validation failures within the Authentication Manager (authmgr) and Factor components.

  • Error 3001101: This is a legacy error code associated with non-VIP push notifications. It is no longer used in the current version of the platform.
  • Error 0000010: This error is returned when the Symantec Identity Security Platform (IDSP) cannot successfully validate the X-Flow-State header provided in the request.

Resolution

Handling Error 3001101

You can safely ignore error 3001101. As this is related to legacy push functionality, it does not impact modern FIDO or VIP Push flows. Ensure your implementation is not accidentally calling legacy endpoints or passing deprecated flow identifiers.

Handling Error 0000010

If you receive the Invalid X-Flow-State header error, you must investigate the following potential causes within your environment:

  1. Decryption Failure: The system is unable to read or decrypt the flowState details for the provided encrypted flowStateId ####.
  2. State Retrieval: The system fails to obtain the current flow state from the session store.
  3. Security Violation (MITM): A Man-in-the-Middle (MITM) attack is detected, causing the system to return a BadRequest to protect the session.
  4. Token Mismatch: The userId or userLoginId set in the flowState does not match the identifiers present in the User Access Token ####.
  5. Identity Conflict: An invalid user name conflict is detected between the disambiguated userLoginId and the internal_user_login_id ####.

Check your API request headers to ensure the X-Flow-State value is correct, current, and belongs to the authenticated user session.
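
As an added example (not part of the original article or of IDSP itself): a log triage routine that parses error bodies in the JSON shape shown above and flags clients that receive 0000010 repeatedly within a short window, which merits investigation given the MITM and token-mismatch causes listed. The record layout, client ids, threshold and window are assumptions, and the sample records are constructed.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

INVALID_FLOW_STATE = "0000010"  # "Invalid X-Flow-State header" (from the article)

# Constructed sample records: (ISO timestamp, client id, response body).
# The layout is an assumption; adapt it to your gateway or application logs.
BODY_10 = '{"errorCode": "0000010", "errorMessage": "Invalid X-Flow-State header"}'
SAMPLE = [
    ("2024-01-01T10:00:00", "app-a", BODY_10),
    ("2024-01-01T10:01:00", "app-a", BODY_10),
    ("2024-01-01T10:02:00", "app-a", BODY_10),
    ("2024-01-01T10:00:30", "app-b", BODY_10),
    ("2024-01-01T10:00:40", "app-b", "3001101 Invalid Flow State Id"),
    ("2024-01-01T09:00:00", "app-c", BODY_10),
    ("2024-01-01T09:30:00", "app-c", BODY_10),
    ("2024-01-01T10:00:00", "app-c", BODY_10),
]

def error_code(body):
    """Return the errorCode of a JSON error body, or None if it is not one."""
    try:
        doc = json.loads(body)
    except ValueError:
        return None  # plain-text bodies, e.g. the legacy 3001101 line
    return doc.get("errorCode") if isinstance(doc, dict) else None

def flag_clients(records, threshold=3, window=timedelta(minutes=5)):
    """Clients with at least `threshold` 0000010 errors inside any `window`."""
    times = defaultdict(list)
    for ts, client, body in records:
        if error_code(body) == INVALID_FLOW_STATE:
            times[client].append(datetime.fromisoformat(ts))
    flagged = []
    for client, stamps in times.items():
        stamps.sort()
        # Slide over sorted timestamps: the first and last of any `threshold`
        # consecutive hits must fall within the window.
        for i in range(len(stamps) - threshold + 1):
            if stamps[i + threshold - 1] - stamps[i] <= window:
                flagged.append(client)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print(flag_clients(SAMPLE))
```

A single 0000010 usually points to a stale or mistyped header; a burst from one client is the pattern to correlate with the session store and token details listed above.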