This Bambda extension automatically detects over 300 different AADSTS error codes, highlights responses with different colors, and adds annotations to help identify auth issues during testing. Useful for spotting credential-based attacks and conditional access bypass opportunities.
Overview
- Defines a record structure for error codes with descriptions and highlights
- Creates a database of over 300 AADSTS error codes
- Scans response bodies for these error codes
- Adds color highlights and annotations to matching responses
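The scan step matters because several codes in the table are prefixes of longer ones (AADSTS50013 and AADSTS500133, AADSTS16002 and AADSTS160021), so a plain substring test can label a response with the wrong entry. The following stand-alone sketch is an added example, not the Bambda's own code: the `Color` enum stands in for Burp's `HighlightColor`, the table is a small subset of the one on this page, and the class name, method names and sample bodies are constructed for illustration.

```java
import java.util.LinkedHashSet;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class AadstsScanDemo {
    // Stand-in for Burp's HighlightColor so the demo runs without the Montoya API.
    enum Color { RED, ORANGE, PINK }

    // Hypothetical record for this demo: one title and colour per code.
    record ErrorCode(String title, Color color) {}

    // Subset of the page's table, keyed by the full code string.
    static final Map<String, ErrorCode> TABLE = Map.of(
        "AADSTS16002", new ErrorCode("AppSessionSelectionInvalid", Color.RED),
        "AADSTS160021", new ErrorCode("AppSessionSelectionInvalidSessionNotExist", Color.RED),
        "AADSTS50013", new ErrorCode("InvalidAssertion", Color.RED),
        "AADSTS500133", new ErrorCode("Assertion isn't within its valid time range.", Color.RED),
        "AADSTS50126", new ErrorCode("InvalidUserNameOrPassword", Color.ORANGE),
        "AADSTS53003", new ErrorCode("BlockedByConditionalAccess", Color.RED),
        "AADSTS90019", new ErrorCode("MissingTenantRealm", Color.PINK));

    // \d+ is greedy, so the whole digit run is taken as one code.
    static final Pattern CODE = Pattern.compile("AADSTS\\d+");

    /** Naive approach: report every table key that occurs anywhere in the body. */
    static Set<String> substringScan(String body) {
        Set<String> hits = new TreeSet<>();
        for (String code : TABLE.keySet()) {
            if (body.contains(code)) {
                hits.add(code);
            }
        }
        return hits;
    }

    /** Token approach: extract each complete code once, in order of appearance. */
    static Set<String> tokenScan(String body) {
        Set<String> hits = new LinkedHashSet<>();
        Matcher m = CODE.matcher(body);
        while (m.find()) {
            hits.add(m.group());
        }
        return hits;
    }

    /** Builds the note text a highlighter would attach to the response. */
    static String annotate(String body) {
        StringBuilder note = new StringBuilder();
        for (String code : tokenScan(body)) {
            ErrorCode entry = TABLE.get(code);
            if (note.length() > 0) {
                note.append("; ");
            }
            if (entry == null) {
                // Codes missing from the table are still surfaced, not dropped.
                note.append(code).append(" (not in table)");
            } else {
                note.append(code).append(' ').append(entry.title())
                    .append(" [").append(entry.color()).append(']');
            }
        }
        return note.toString();
    }

    public static void main(String[] args) {
        // Constructed sample bodies shaped like token endpoint error responses.
        String[] bodies = {
            "{\"error\":\"invalid_grant\",\"error_description\":"
                + "\"AADSTS500133: Assertion is not within its valid time range.\","
                + "\"error_codes\":[500133]}",
            "{\"error\":\"invalid_grant\",\"error_description\":"
                + "\"AADSTS50126: Error validating credentials.\","
                + "\"error_codes\":[50126]}",
            // AADSTS999999 is a made-up code used to show the unknown-code path.
            "{\"error\":\"invalid_request\",\"error_description\":"
                + "\"AADSTS999999: constructed placeholder.\"}"
        };
        for (String body : bodies) {
            System.out.println("substring: " + substringScan(body));
            System.out.println("token:     " + tokenScan(body));
            System.out.println("note:      " + annotate(body));
            System.out.println();
        }
    }
}
```

On the first sample the substring scan reports both AADSTS50013 and AADSTS500133, while the token scan reports only the code that is actually present.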
SprayBambda
/**
* Burp Suite Bambda for general debugging against MSOL.
* @author shain
**/
record ErrorCodes(String title, HighlightColor color, String... AADSTScode) {}
// AADSTS Error Codes, modify highlighting/title as required.
ErrorCodes AADSTS16000 = new ErrorCodes("InteractionRequired", HighlightColor.RED, "AADSTS16000");
ErrorCodes AADSTS16001 = new ErrorCodes("UserAccountSelectionInvalid", HighlightColor.RED, "AADSTS16001");
ErrorCodes AADSTS16002 = new ErrorCodes("AppSessionSelectionInvalid", HighlightColor.RED, "AADSTS16002");
ErrorCodes AADSTS160021 = new ErrorCodes("AppSessionSelectionInvalidSessionNotExist ", HighlightColor.RED, "AADSTS160021");
ErrorCodes AADSTS16003 = new ErrorCodes("SsoUserAccountNotFoundInResourceTenant ", HighlightColor.RED, "AADSTS16003");
ErrorCodes AADSTS17003 = new ErrorCodes("CredentialKeyProvisioningFailed ", HighlightColor.RED, "AADSTS17003");
ErrorCodes AADSTS20001 = new ErrorCodes("WsFedSignInResponseError ", HighlightColor.RED, "AADSTS20001");
ErrorCodes AADSTS20012 = new ErrorCodes("WsFedMessageInvalid ", HighlightColor.RED, "AADSTS20012");
ErrorCodes AADSTS20033 = new ErrorCodes("FedMetadataInvalidTenantName ", HighlightColor.RED, "AADSTS20033");
ErrorCodes AADSTS230109 = new ErrorCodes("CachedCredentialNonGWAuthNRequestsNotSupported ", HighlightColor.RED, "AADSTS230109");
ErrorCodes AADSTS28002 = new ErrorCodes("Specify a valid scope.", HighlightColor.RED, "AADSTS28002");
ErrorCodes AADSTS28003 = new ErrorCodes("Specify a valid scope.", HighlightColor.RED, "AADSTS28003");
ErrorCodes AADSTS40008 = new ErrorCodes("OAuth2IdPUnretryableServerError ", HighlightColor.RED, "AADSTS40008");
ErrorCodes AADSTS40009 = new ErrorCodes("OAuth2IdPRefreshTokenRedemptionUserError ", HighlightColor.RED, "AADSTS40009");
ErrorCodes AADSTS40010 = new ErrorCodes("OAuth2IdPRetryableServerError ", HighlightColor.RED, "AADSTS40010");
ErrorCodes AADSTS40015 = new ErrorCodes("OAuth2IdPAuthCodeRedemptionUserError ", HighlightColor.RED, "AADSTS40015");
ErrorCodes AADSTS50000 = new ErrorCodes("TokenIssuanceError ", HighlightColor.RED, "AADSTS50000");
ErrorCodes AADSTS50001 = new ErrorCodes("InvalidResource ", HighlightColor.RED, "AADSTS50001");
ErrorCodes AADSTS50002 = new ErrorCodes("NotAllowedTenant ", HighlightColor.RED, "AADSTS50002");
ErrorCodes AADSTS500011 = new ErrorCodes("InvalidResourceServicePrincipalNotFound ", HighlightColor.RED, "AADSTS500011");
ErrorCodes AADSTS500014 = new ErrorCodes("InvalidResourceServicePrincipalDisabled ", HighlightColor.RED, "AADSTS500014");
ErrorCodes AADSTS500021 = new ErrorCodes("Access to tenant is denied.", HighlightColor.RED, "AADSTS500021");
ErrorCodes AADSTS500022 = new ErrorCodes("Access to tenant is denied.", HighlightColor.RED, "AADSTS500022");
ErrorCodes AADSTS50003 = new ErrorCodes("MissingSigningKey ", HighlightColor.RED, "AADSTS50003");
ErrorCodes AADSTS50005 = new ErrorCodes("DevicePolicyError ", HighlightColor.RED, "AADSTS50005");
ErrorCodes AADSTS50006 = new ErrorCodes("InvalidSignature ", HighlightColor.RED, "AADSTS50006");
ErrorCodes AADSTS50007 = new ErrorCodes("PartnerEncryptionCertificateMissing ", HighlightColor.RED, "AADSTS50007");
ErrorCodes AADSTS50008 = new ErrorCodes("InvalidSamlToken ", HighlightColor.RED, "AADSTS50008");
ErrorCodes AADSTS5000819 = new ErrorCodes("InvalidSamlTokenEmailMissingOrInvalid ", HighlightColor.RED, "AADSTS5000819");
ErrorCodes AADSTS50010 = new ErrorCodes("AudienceUriValidationFailed ", HighlightColor.RED, "AADSTS50010");
ErrorCodes AADSTS50011 = new ErrorCodes("InvalidReplyTo ", HighlightColor.RED, "AADSTS50011");
ErrorCodes AADSTS50012 = new ErrorCodes("AuthenticationFailed ", HighlightColor.RED, "AADSTS50012");
ErrorCodes AADSTS50013 = new ErrorCodes("InvalidAssertion ", HighlightColor.RED, "AADSTS50013");
ErrorCodes AADSTS500133 = new ErrorCodes("Assertion isn't within its valid time range.", HighlightColor.RED, "AADSTS500133");
ErrorCodes AADSTS50014 = new ErrorCodes("GuestUserInPendingState ", HighlightColor.RED, "AADSTS50014");
ErrorCodes AADSTS50015 = new ErrorCodes("ViralUserLegalAgeConsentRequiredState ", HighlightColor.RED, "AADSTS50015");
ErrorCodes AADSTS50017 = new ErrorCodes("CertificateValidationFailed ", HighlightColor.RED, "AADSTS50017");
ErrorCodes AADSTS50020 = new ErrorCodes("UserUnauthorized ", HighlightColor.RED, "AADSTS50020");
ErrorCodes AADSTS500208 = new ErrorCodes("The domain is not a valid login domain for the account type.", HighlightColor.RED, "AADSTS500208");
ErrorCodes AADSTS500212 = new ErrorCodes("NotAllowedByOutboundPolicyTenant ", HighlightColor.RED, "AADSTS500212");
ErrorCodes AADSTS500213 = new ErrorCodes("NotAllowedByInboundPolicyTenant ", HighlightColor.RED, "AADSTS500213");
ErrorCodes AADSTS50027 = new ErrorCodes("InvalidJwtToken ", HighlightColor.RED, "AADSTS50027");
ErrorCodes AADSTS50029 = new ErrorCodes("Invalid URI ", HighlightColor.RED, "AADSTS50029");
ErrorCodes AADSTS50032 = new ErrorCodes("WeakRsaKey ", HighlightColor.RED, "AADSTS50032");
ErrorCodes AADSTS50033 = new ErrorCodes("RetryableError ", HighlightColor.RED, "AADSTS50033");
ErrorCodes AADSTS50034 = new ErrorCodes("UserAccountNotFound ", HighlightColor.RED, "AADSTS50034");
ErrorCodes AADSTS50042 = new ErrorCodes("UnableToGeneratePairwiseIdentifierWithMissingSalt ", HighlightColor.RED, "AADSTS50042");
ErrorCodes AADSTS50043 = new ErrorCodes("UnableToGeneratePairwiseIdentifierWithMultipleSalts", HighlightColor.RED, "AADSTS50043");
ErrorCodes AADSTS50048 = new ErrorCodes("SubjectMismatchesIssuer ", HighlightColor.RED, "AADSTS50048");
ErrorCodes AADSTS50049 = new ErrorCodes("NoSuchInstanceForDiscovery ", HighlightColor.RED, "AADSTS50049");
ErrorCodes AADSTS50050 = new ErrorCodes("MalformedDiscoveryRequest ", HighlightColor.RED, "AADSTS50050");
ErrorCodes AADSTS50053 = new ErrorCodes("IdsLocked", HighlightColor.RED, "AADSTS50053");
ErrorCodes AADSTS50055 = new ErrorCodes("InvalidPasswordExpiredPassword ", HighlightColor.RED, "AADSTS50055");
ErrorCodes AADSTS50056 = new ErrorCodes("Invalid or null password: password doesn't exist in the directory for this user.", HighlightColor.RED, "AADSTS50056");
ErrorCodes AADSTS50057 = new ErrorCodes("UserDisabled ", HighlightColor.RED, "AADSTS50057");
ErrorCodes AADSTS50058 = new ErrorCodes("UserInformationNotProvided ", HighlightColor.RED, "AADSTS50058");
ErrorCodes AADSTS50059 = new ErrorCodes("MissingTenantRealmAndNoUserInformationProvided ", HighlightColor.RED, "AADSTS50059");
ErrorCodes AADSTS50061 = new ErrorCodes("SignoutInvalidRequest ", HighlightColor.RED, "AADSTS50061");
ErrorCodes AADSTS50064 = new ErrorCodes("CredentialAuthenticationError ", HighlightColor.RED, "AADSTS50064");
ErrorCodes AADSTS50068 = new ErrorCodes("SignoutInitiatorNotParticipant ", HighlightColor.RED, "AADSTS50068");
ErrorCodes AADSTS50070 = new ErrorCodes("SignoutUnknownSessionIdentifier ", HighlightColor.RED, "AADSTS50070");
ErrorCodes AADSTS50071 = new ErrorCodes("SignoutMessageExpired ", HighlightColor.RED, "AADSTS50071");
ErrorCodes AADSTS50072 = new ErrorCodes("UserStrongAuthEnrollmentRequiredInterrupt ", HighlightColor.RED, "AADSTS50072");
ErrorCodes AADSTS50074 = new ErrorCodes("UserStrongAuthClientAuthNRequiredInterrupt ", HighlightColor.RED, "AADSTS50074");
ErrorCodes AADSTS50076 = new ErrorCodes("UserStrongAuthClientAuthNRequired ", HighlightColor.RED, "AADSTS50076");
ErrorCodes AADSTS50078 = new ErrorCodes("UserStrongAuthExpired", HighlightColor.RED, "AADSTS50078");
ErrorCodes AADSTS50079 = new ErrorCodes("UserStrongAuthEnrollmentRequired ", HighlightColor.RED, "AADSTS50079");
ErrorCodes AADSTS50085 = new ErrorCodes("Refresh token needs social IDP login.", HighlightColor.RED, "AADSTS50085");
ErrorCodes AADSTS50086 = new ErrorCodes("SasNonRetryableError", HighlightColor.RED, "AADSTS50086");
ErrorCodes AADSTS50087 = new ErrorCodes("SasRetryableError ", HighlightColor.RED, "AADSTS50087");
ErrorCodes AADSTS50088 = new ErrorCodes("Limit on telecom MFA calls reached.", HighlightColor.RED, "AADSTS50088");
ErrorCodes AADSTS50089 = new ErrorCodes("Authentication failed due to flow token expired.", HighlightColor.RED, "AADSTS50089");
ErrorCodes AADSTS50097 = new ErrorCodes("DeviceAuthenticationRequired ", HighlightColor.RED, "AADSTS50097");
ErrorCodes AADSTS50099 = new ErrorCodes("PKeyAuthInvalidJwtUnauthorized ", HighlightColor.RED, "AADSTS50099");
ErrorCodes AADSTS50105 = new ErrorCodes("EntitlementGrantsNotFound ", HighlightColor.RED, "AADSTS50105");
ErrorCodes AADSTS50107 = new ErrorCodes("InvalidRealmUri ", HighlightColor.RED, "AADSTS50107");
ErrorCodes AADSTS50120 = new ErrorCodes("ThresholdJwtInvalidJwtFormat ", HighlightColor.RED, "AADSTS50120");
ErrorCodes AADSTS50124 = new ErrorCodes("ClaimsTransformationInvalidInputParameter ", HighlightColor.RED, "AADSTS50124");
ErrorCodes AADSTS501241 = new ErrorCodes("Mandatory Input missing from transformation ID.", HighlightColor.RED, "AADSTS501241");
ErrorCodes AADSTS50125 = new ErrorCodes("PasswordResetRegistrationRequiredInterrupt ", HighlightColor.RED, "AADSTS50125");
ErrorCodes AADSTS50126 = new ErrorCodes("InvalidUserNameOrPassword ", HighlightColor.ORANGE, "AADSTS50126");
ErrorCodes AADSTS50127 = new ErrorCodes("BrokerAppNotInstalled ", HighlightColor.RED, "AADSTS50127");
ErrorCodes AADSTS50128 = new ErrorCodes("Invalid domain name ", HighlightColor.RED, "AADSTS50128");
ErrorCodes AADSTS50129 = new ErrorCodes("DeviceIsNotWorkplaceJoined ", HighlightColor.RED, "AADSTS50129");
ErrorCodes AADSTS50131 = new ErrorCodes("ConditionalAccessFailed ", HighlightColor.RED, "AADSTS50131");
ErrorCodes AADSTS50132 = new ErrorCodes("SsoArtifactInvalidOrExpired ", HighlightColor.RED, "AADSTS50132");
ErrorCodes AADSTS50133 = new ErrorCodes("SsoArtifactRevoked ", HighlightColor.RED, "AADSTS50133");
ErrorCodes AADSTS50134 = new ErrorCodes("DeviceFlowAuthorizeWrongDatacenter ", HighlightColor.RED, "AADSTS50134");
ErrorCodes AADSTS50135 = new ErrorCodes("PasswordChangeCompromisedPassword ", HighlightColor.RED, "AADSTS50135");
ErrorCodes AADSTS50136 = new ErrorCodes("RedirectMsaSessionToApp ", HighlightColor.RED, "AADSTS50136");
ErrorCodes AADSTS50139 = new ErrorCodes("SessionMissingMsaOAuth2RefreshToken ", HighlightColor.RED, "AADSTS50139");
ErrorCodes AADSTS50140 = new ErrorCodes("KmsiInterrupt ", HighlightColor.RED, "AADSTS50140");
ErrorCodes AADSTS50143 = new ErrorCodes("Session mismatch ", HighlightColor.RED, "AADSTS50143");
ErrorCodes AADSTS50144 = new ErrorCodes("InvalidPasswordExpiredOnPremPassword ", HighlightColor.RED, "AADSTS50144");
ErrorCodes AADSTS50146 = new ErrorCodes("MissingCustomSigningKey ", HighlightColor.RED, "AADSTS50146");
ErrorCodes AADSTS501461 = new ErrorCodes("AcceptMappedClaims is only supported for a token audience matching the application GUID or an audience within the tenant's verified domains.", HighlightColor.RED, "AADSTS501461");
ErrorCodes AADSTS50147 = new ErrorCodes("MissingCodeChallenge ", HighlightColor.RED, "AADSTS50147");
ErrorCodes AADSTS501481 = new ErrorCodes("The Code_Verifier doesn't match the code_challenge supplied in the authorization request.", HighlightColor.RED, "AADSTS501481");
ErrorCodes AADSTS501491 = new ErrorCodes("InvalidCodeChallengeMethodInvalidSize ", HighlightColor.RED, "AADSTS501491");
ErrorCodes AADSTS50155 = new ErrorCodes("DeviceAuthenticationFailed ", HighlightColor.RED, "AADSTS50155");
ErrorCodes AADSTS50158 = new ErrorCodes("ExternalSecurityChallenge ", HighlightColor.RED, "AADSTS50158");
ErrorCodes AADSTS50161 = new ErrorCodes("InvalidExternalSecurityChallengeConfiguration ", HighlightColor.RED, "AADSTS50161");
ErrorCodes AADSTS50166 = new ErrorCodes("ExternalClaimsProviderThrottled ", HighlightColor.RED, "AADSTS50166");
ErrorCodes AADSTS50168 = new ErrorCodes("ChromeBrowserSsoInterruptRequired ", HighlightColor.RED, "AADSTS50168");
ErrorCodes AADSTS50169 = new ErrorCodes("InvalidRequestBadRealm ", HighlightColor.RED, "AADSTS50169");
ErrorCodes AADSTS50170 = new ErrorCodes("MissingExternalClaimsProviderMapping ", HighlightColor.RED, "AADSTS50170");
ErrorCodes AADSTS50173 = new ErrorCodes("FreshTokenNeeded ", HighlightColor.RED, "AADSTS50173");
ErrorCodes AADSTS50177 = new ErrorCodes("ExternalChallengeNotSupportedForPassthroughUsers ", HighlightColor.RED, "AADSTS50177");
ErrorCodes AADSTS50178 = new ErrorCodes("SessionControlNotSupportedForPassthroughUsers ", HighlightColor.RED, "AADSTS50178");
ErrorCodes AADSTS50180 = new ErrorCodes("WindowsIntegratedAuthMissing ", HighlightColor.RED, "AADSTS50180");
ErrorCodes AADSTS50187 = new ErrorCodes("DeviceInformationNotProvided ", HighlightColor.RED, "AADSTS50187");
ErrorCodes AADSTS50192 = new ErrorCodes("Invalid Request ", HighlightColor.RED, "AADSTS50192");
ErrorCodes AADSTS50194 = new ErrorCodes("Application isn't configured as a multitenant application.", HighlightColor.RED, "AADSTS50194");
ErrorCodes AADSTS50197 = new ErrorCodes("ConflictingIdentities ", HighlightColor.RED, "AADSTS50197");
ErrorCodes AADSTS50199 = new ErrorCodes("CmsiInterrupt ", HighlightColor.RED, "AADSTS50199");
ErrorCodes AADSTS51000 = new ErrorCodes("RequiredFeatureNotEnabled ", HighlightColor.RED, "AADSTS51000");
ErrorCodes AADSTS51001 = new ErrorCodes("DomainHintMustbePresent ", HighlightColor.RED, "AADSTS51001");
ErrorCodes AADSTS1000104 = new ErrorCodes("XCB2BResourceCloudNotAllowedOnIdentityTenant ", HighlightColor.RED, "AADSTS1000104");
ErrorCodes AADSTS51004 = new ErrorCodes("UserAccountNotInDirectory ", HighlightColor.RED, "AADSTS51004");
ErrorCodes AADSTS51005 = new ErrorCodes("TemporaryRedirect ", HighlightColor.RED, "AADSTS51005");
ErrorCodes AADSTS51006 = new ErrorCodes("ForceReauthDueToInsufficientAuth ", HighlightColor.RED, "AADSTS51006");
ErrorCodes AADSTS52004 = new ErrorCodes("DelegationDoesNotExistForLinkedIn ", HighlightColor.RED, "AADSTS52004");
ErrorCodes AADSTS53000 = new ErrorCodes("DeviceNotCompliant ", HighlightColor.RED, "AADSTS53000");
ErrorCodes AADSTS53001 = new ErrorCodes("DeviceNotDomainJoined ", HighlightColor.RED, "AADSTS53001");
ErrorCodes AADSTS53002 = new ErrorCodes("ApplicationUsedIsNotAnApprovedApp ", HighlightColor.RED, "AADSTS53002");
ErrorCodes AADSTS53003 = new ErrorCodes("BlockedByConditionalAccess ", HighlightColor.RED, "AADSTS53003");
ErrorCodes AADSTS530035 = new ErrorCodes("BlockedBySecurityDefaults ", HighlightColor.RED, "AADSTS530035");
ErrorCodes AADSTS53004 = new ErrorCodes("ProofUpBlockedDueToRisk ", HighlightColor.RED, "AADSTS53004");
ErrorCodes AADSTS53010 = new ErrorCodes("ProofUpBlockedDueToSecurityInfoAcr ", HighlightColor.RED, "AADSTS53010");
ErrorCodes AADSTS53011 = new ErrorCodes("User blocked due to risk on home tenant.", HighlightColor.RED, "AADSTS53011");
ErrorCodes AADSTS530034 = new ErrorCodes("DelegatedAdminBlockedDueToSuspiciousActivity ", HighlightColor.RED, "AADSTS530034");
ErrorCodes AADSTS54000 = new ErrorCodes("MinorUserBlockedLegalAgeGroupRule", HighlightColor.RED, "AADSTS54000");
ErrorCodes AADSTS54005 = new ErrorCodes("OAuth2 Authorization code was already redeemed, please retry with a new valid code or use an existing refresh token.", HighlightColor.RED, "AADSTS54005");
ErrorCodes AADSTS65001 = new ErrorCodes("DelegationDoesNotExist ", HighlightColor.RED, "AADSTS65001");
ErrorCodes AADSTS65002 = new ErrorCodes("Consent between first party application and first party resource must be configured via preauthorization ", HighlightColor.RED, "AADSTS65002");
ErrorCodes AADSTS65004 = new ErrorCodes("UserDeclinedConsent ", HighlightColor.RED, "AADSTS65004");
ErrorCodes AADSTS65005 = new ErrorCodes("MisconfiguredApplication ", HighlightColor.RED, "AADSTS65005");
ErrorCodes AADSTS650052 = new ErrorCodes("The app needs access to a service that your organization hasn't subscribed to or enabled.", HighlightColor.RED, "AADSTS650052");
ErrorCodes AADSTS650054 = new ErrorCodes("The application asked for permissions to access a resource that has been removed or is no longer available.", HighlightColor.RED, "AADSTS650054");
ErrorCodes AADSTS650057 = new ErrorCodes("Invalid resource. The client has requested access to a resource which isn't listed in the requested permissions in the client's application registration. ", HighlightColor.RED, "AADSTS650057");
ErrorCodes AADSTS67003 = new ErrorCodes("ActorNotValidServiceIdentity", HighlightColor.RED, "AADSTS67003");
ErrorCodes AADSTS70000 = new ErrorCodes("InvalidGrant ", HighlightColor.RED, "AADSTS70000");
ErrorCodes AADSTS70001 = new ErrorCodes("UnauthorizedClient ", HighlightColor.RED, "AADSTS70001");
ErrorCodes AADSTS700011 = new ErrorCodes("UnauthorizedClientAppNotFoundInOrgIdTenant ", HighlightColor.RED, "AADSTS700011");
ErrorCodes AADSTS70002 = new ErrorCodes("InvalidClient ", HighlightColor.RED, "AADSTS70002");
ErrorCodes AADSTS700025 = new ErrorCodes("InvalidClientPublicClientWithCredential ", HighlightColor.RED, "AADSTS700025");
ErrorCodes AADSTS700027 = new ErrorCodes("Client assertion failed signature validation.", HighlightColor.RED, "AADSTS700027");
ErrorCodes AADSTS70003 = new ErrorCodes("UnsupportedGrantType ", HighlightColor.RED, "AADSTS70003");
ErrorCodes AADSTS700030 = new ErrorCodes("Invalid certificate ", HighlightColor.RED, "AADSTS700030");
ErrorCodes AADSTS70004 = new ErrorCodes("InvalidRedirectUri ", HighlightColor.RED, "AADSTS70004");
ErrorCodes AADSTS70005 = new ErrorCodes("UnsupportedResponseType ", HighlightColor.RED, "AADSTS70005");
ErrorCodes AADSTS700054 = new ErrorCodes("Response_type id_token isn't enabled for the application.", HighlightColor.RED, "AADSTS700054");
ErrorCodes AADSTS70007 = new ErrorCodes("UnsupportedResponseMode ", HighlightColor.RED, "AADSTS70007");
ErrorCodes AADSTS70008 = new ErrorCodes("ExpiredOrRevokedGrant ", HighlightColor.RED, "AADSTS70008");
ErrorCodes AADSTS700082 = new ErrorCodes("ExpiredOrRevokedGrantInactiveToken ", HighlightColor.RED, "AADSTS700082");
ErrorCodes AADSTS700084 = new ErrorCodes("The refresh token was issued to a single page app (SPA), and therefore has a fixed, limited lifetime, which can't be extended.", HighlightColor.RED, "AADSTS700084");
ErrorCodes AADSTS70011 = new ErrorCodes("InvalidScope ", HighlightColor.RED, "AADSTS70011");
ErrorCodes AADSTS70012 = new ErrorCodes("MsaServerError ", HighlightColor.RED, "AADSTS70012");
ErrorCodes AADSTS70016 = new ErrorCodes("AuthorizationPending ", HighlightColor.RED, "AADSTS70016");
ErrorCodes AADSTS70018 = new ErrorCodes("BadVerificationCode ", HighlightColor.RED, "AADSTS70018");
ErrorCodes AADSTS70019 = new ErrorCodes("CodeExpired ", HighlightColor.RED, "AADSTS70019");
ErrorCodes AADSTS70043 = new ErrorCodes("BadTokenDueToSignInFrequency ", HighlightColor.RED, "AADSTS70043");
ErrorCodes AADSTS75001 = new ErrorCodes("BindingSerializationError ", HighlightColor.RED, "AADSTS75001");
ErrorCodes AADSTS75003 = new ErrorCodes("UnsupportedBindingError ", HighlightColor.RED, "AADSTS75003");
ErrorCodes AADSTS75005 = new ErrorCodes("Saml2MessageInvalid ", HighlightColor.RED, "AADSTS75005");
ErrorCodes AADSTS7500514 = new ErrorCodes("A supported type of SAML response was not found.", HighlightColor.RED, "AADSTS7500514");
ErrorCodes AADSTS750054 = new ErrorCodes("SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding. ", HighlightColor.RED, "AADSTS750054");
ErrorCodes AADSTS75008 = new ErrorCodes("RequestDeniedError ", HighlightColor.RED, "AADSTS75008");
ErrorCodes AADSTS75011 = new ErrorCodes("NoMatchedAuthnContextInOutputClaims ", HighlightColor.RED, "AADSTS75011");
ErrorCodes AADSTS75016 = new ErrorCodes("Saml2AuthenticationRequestInvalidNameIDPolicy ", HighlightColor.RED, "AADSTS75016");
ErrorCodes AADSTS76021 = new ErrorCodes("ApplicationRequiresSignedRequests ", HighlightColor.RED, "AADSTS76021");
ErrorCodes AADSTS76026 = new ErrorCodes("RequestIssueTimeExpired ", HighlightColor.RED, "AADSTS76026");
ErrorCodes AADSTS80001 = new ErrorCodes("OnPremiseStoreIsNotAvailable ", HighlightColor.RED, "AADSTS80001");
ErrorCodes AADSTS80002 = new ErrorCodes("OnPremisePasswordValidatorRequestTimedout ", HighlightColor.RED, "AADSTS80002");
ErrorCodes AADSTS80005 = new ErrorCodes("OnPremisePasswordValidatorUnpredictableWebException ", HighlightColor.RED, "AADSTS80005");
ErrorCodes AADSTS80007 = new ErrorCodes("OnPremisePasswordValidatorErrorOccurredOnPrem ", HighlightColor.RED, "AADSTS80007");
ErrorCodes AADSTS80010 = new ErrorCodes("OnPremisePasswordValidationEncryptionException ", HighlightColor.RED, "AADSTS80010");
ErrorCodes AADSTS80012 = new ErrorCodes("OnPremisePasswordValidationAccountLogonInvalidHours ", HighlightColor.RED, "AADSTS80012");
ErrorCodes AADSTS80013 = new ErrorCodes("OnPremisePasswordValidationTimeSkew ", HighlightColor.RED, "AADSTS80013");
ErrorCodes AADSTS80014 = new ErrorCodes("OnPremisePasswordValidationAuthenticationAgentTimeout ", HighlightColor.RED, "AADSTS80014");
ErrorCodes AADSTS81004 = new ErrorCodes("DesktopSsoIdentityInTicketIsNotAuthenticated ", HighlightColor.RED, "AADSTS81004");
ErrorCodes AADSTS81005 = new ErrorCodes("DesktopSsoAuthenticationPackageNotSupported ", HighlightColor.RED, "AADSTS81005");
ErrorCodes AADSTS81006 = new ErrorCodes("DesktopSsoNoAuthorizationHeader ", HighlightColor.RED, "AADSTS81006");
ErrorCodes AADSTS81007 = new ErrorCodes("DesktopSsoTenantIsNotOptIn ", HighlightColor.RED, "AADSTS81007");
ErrorCodes AADSTS81009 = new ErrorCodes("DesktopSsoAuthorizationHeaderValueWithBadFormat ", HighlightColor.RED, "AADSTS81009");
ErrorCodes AADSTS81010 = new ErrorCodes("DesktopSsoAuthTokenInvalid ", HighlightColor.RED, "AADSTS81010");
ErrorCodes AADSTS81011 = new ErrorCodes("DesktopSsoLookupUserBySidFailed ", HighlightColor.RED, "AADSTS81011");
ErrorCodes AADSTS81012 = new ErrorCodes("DesktopSsoMismatchBetweenTokenUpnAndChosenUpn ", HighlightColor.RED, "AADSTS81012");
ErrorCodes AADSTS90002 = new ErrorCodes("InvalidTenantName ", HighlightColor.RED, "AADSTS90002");
ErrorCodes AADSTS90004 = new ErrorCodes("InvalidRequestFormat ", HighlightColor.RED, "AADSTS90004");
ErrorCodes AADSTS90005 = new ErrorCodes("InvalidRequestWithMultipleRequirements ", HighlightColor.RED, "AADSTS90005");
ErrorCodes AADSTS90006 = new ErrorCodes("ExternalServerRetryableError ", HighlightColor.RED, "AADSTS90006");
ErrorCodes AADSTS90007 = new ErrorCodes("InvalidSessionId ", HighlightColor.RED, "AADSTS90007");
ErrorCodes AADSTS90008 = new ErrorCodes("TokenForItselfRequiresGraphPermission ", HighlightColor.RED, "AADSTS90008");
ErrorCodes AADSTS90009 = new ErrorCodes("TokenForItselfMissingIdenticalAppIdentifier ", HighlightColor.RED, "AADSTS90009");
ErrorCodes AADSTS90010 = new ErrorCodes("NotSupported ", HighlightColor.RED, "AADSTS90010");
ErrorCodes AADSTS9001023 = new ErrorCodes("The grant type isn't supported over the /common or /consumers endpoints. Please use the /organizations or tenant", HighlightColor.RED, "AADSTS9001023");
ErrorCodes AADSTS90012 = new ErrorCodes("RequestTimeout ", HighlightColor.RED, "AADSTS90012");
ErrorCodes AADSTS90013 = new ErrorCodes("InvalidUserInput ", HighlightColor.RED, "AADSTS90013");
ErrorCodes AADSTS90014 = new ErrorCodes("MissingRequiredField ", HighlightColor.RED, "AADSTS90014");
ErrorCodes AADSTS900144 = new ErrorCodes("The request body is missing a required parameter.", HighlightColor.RED, "AADSTS900144");
ErrorCodes AADSTS90015 = new ErrorCodes("QueryStringTooLong", HighlightColor.RED, "AADSTS90015");
ErrorCodes AADSTS90016 = new ErrorCodes("MissingRequiredClaim ", HighlightColor.RED, "AADSTS90016");
ErrorCodes AADSTS90019 = new ErrorCodes("MissingTenantRealm ", HighlightColor.PINK, "AADSTS90019");
ErrorCodes AADSTS90020 = new ErrorCodes("The SAML 1.1 Assertion is missing ImmutableID of the user.", HighlightColor.RED, "AADSTS90020");
ErrorCodes AADSTS90022 = new ErrorCodes("AuthenticatedInvalidPrincipalNameFormat ", HighlightColor.RED, "AADSTS90022");
ErrorCodes AADSTS90023 = new ErrorCodes("InvalidRequest ", HighlightColor.RED, "AADSTS90023");
ErrorCodes AADSTS900236 = new ErrorCodes("InvalidRequestSamlPropertyUnsupported", HighlightColor.RED, "AADSTS900236");
ErrorCodes AADSTS9002313 = new ErrorCodes("InvalidRequest ", HighlightColor.RED, "AADSTS9002313");
ErrorCodes AADSTS9002332 = new ErrorCodes("Application is configured for use by Microsoft Entra users only. Please do not use the /consumers endpoint to serve this request.", HighlightColor.RED, "AADSTS9002332");
ErrorCodes AADSTS90024 = new ErrorCodes("RequestBudgetExceededError ", HighlightColor.RED, "AADSTS90024");
ErrorCodes AADSTS90027 = new ErrorCodes("We are unable to issue tokens from this API version on the MSA tenant.", HighlightColor.RED, "AADSTS90027");
ErrorCodes AADSTS90033 = new ErrorCodes("MsodsServiceUnavailable ", HighlightColor.RED, "AADSTS90033");
ErrorCodes AADSTS90036 = new ErrorCodes("MsodsServiceUnretryableFailure ", HighlightColor.RED, "AADSTS90036");
ErrorCodes AADSTS90038 = new ErrorCodes("NationalCloudTenantRedirection ", HighlightColor.RED, "AADSTS90038");
ErrorCodes AADSTS900384 = new ErrorCodes("JWT token failed signature validation. ", HighlightColor.RED, "AADSTS900384");
ErrorCodes AADSTS90043 = new ErrorCodes("NationalCloudAuthCodeRedirection ", HighlightColor.RED, "AADSTS90043");
ErrorCodes AADSTS900432 = new ErrorCodes("Confidential Client isn't supported in Cross Cloud request.", HighlightColor.RED, "AADSTS900432");
ErrorCodes AADSTS90051 = new ErrorCodes("InvalidNationalCloudId ", HighlightColor.RED, "AADSTS90051");
ErrorCodes AADSTS90055 = new ErrorCodes("TenantThrottlingError ", HighlightColor.RED, "AADSTS90055");
ErrorCodes AADSTS90056 = new ErrorCodes("BadResourceRequest ", HighlightColor.RED, "AADSTS90056");
ErrorCodes AADSTS900561 = new ErrorCodes("BadResourceRequestInvalidRequest ", HighlightColor.RED, "AADSTS900561");
ErrorCodes AADSTS90072 = new ErrorCodes("PassThroughUserMfaError ", HighlightColor.RED, "AADSTS90072");
ErrorCodes AADSTS90081 = new ErrorCodes("OrgIdWsFederationMessageInvalid ", HighlightColor.RED, "AADSTS90081");
ErrorCodes AADSTS90082 = new ErrorCodes("OrgIdWsFederationNotSupported ", HighlightColor.RED, "AADSTS90082");
ErrorCodes AADSTS90084 = new ErrorCodes("OrgIdWsFederationGuestNotAllowed ", HighlightColor.RED, "AADSTS90084");
ErrorCodes AADSTS90085 = new ErrorCodes("OrgIdWsFederationSltRedemptionFailed ", HighlightColor.RED, "AADSTS90085");
ErrorCodes AADSTS90086 = new ErrorCodes("OrgIdWsTrustDaTokenExpired ", HighlightColor.RED, "AADSTS90086");
ErrorCodes AADSTS90087 = new ErrorCodes("OrgIdWsFederationMessageCreationFromUriFailed ", HighlightColor.RED, "AADSTS90087");
ErrorCodes AADSTS90090 = new ErrorCodes("GraphRetryableError ", HighlightColor.RED, "AADSTS90090");
ErrorCodes AADSTS90091 = new ErrorCodes("GraphServiceUnreachable", HighlightColor.RED, "AADSTS90091");
ErrorCodes AADSTS90092 = new ErrorCodes("GraphNonRetryableError", HighlightColor.RED, "AADSTS90092");
ErrorCodes AADSTS90093 = new ErrorCodes("GraphUserUnauthorized ", HighlightColor.RED, "AADSTS90093");
ErrorCodes AADSTS90094 = new ErrorCodes("AdminConsentRequired ", HighlightColor.RED, "AADSTS90094");
ErrorCodes AADSTS900382 = new ErrorCodes("Confidential Client isn't supported in Cross Cloud request.", HighlightColor.RED, "AADSTS900382");
ErrorCodes AADSTS90095 = new ErrorCodes("AdminConsentRequiredRequestAccess", HighlightColor.RED, "AADSTS90095");
ErrorCodes AADSTS90099 = new ErrorCodes("The application has not been authorized in the tenant.", HighlightColor.RED, "AADSTS90099");
ErrorCodes AADSTS900971 = new ErrorCodes("No reply address provided.", HighlightColor.RED, "AADSTS900971");
ErrorCodes AADSTS90100 = new ErrorCodes("InvalidRequestParameter ", HighlightColor.RED, "AADSTS90100");
ErrorCodes AADSTS901002 = new ErrorCodes("The 'resource' request parameter isn't supported.", HighlightColor.RED, "AADSTS901002");
ErrorCodes AADSTS90101 = new ErrorCodes("InvalidEmailAddress ", HighlightColor.RED, "AADSTS90101");
ErrorCodes AADSTS90102 = new ErrorCodes("InvalidUriParameter ", HighlightColor.RED, "AADSTS90102");
ErrorCodes AADSTS90107 = new ErrorCodes("InvalidXml ", HighlightColor.RED, "AADSTS90107");
ErrorCodes AADSTS90114 = new ErrorCodes("InvalidExpiryDate ", HighlightColor.RED, "AADSTS90114");
ErrorCodes AADSTS90117 = new ErrorCodes("InvalidRequestInput", HighlightColor.RED, "AADSTS90117");
ErrorCodes AADSTS90119 = new ErrorCodes("InvalidUserCode ", HighlightColor.RED, "AADSTS90119");
ErrorCodes AADSTS90120 = new ErrorCodes("InvalidDeviceFlowRequest ", HighlightColor.RED, "AADSTS90120");
ErrorCodes AADSTS90121 = new ErrorCodes("InvalidEmptyRequest ", HighlightColor.RED, "AADSTS90121");
ErrorCodes AADSTS90123 = new ErrorCodes("IdentityProviderAccessDenied ", HighlightColor.RED, "AADSTS90123");
ErrorCodes AADSTS90124 = new ErrorCodes("V1ResourceV2GlobalEndpointNotSupported ", HighlightColor.RED, "AADSTS90124");
ErrorCodes AADSTS90125 = new ErrorCodes("DebugModeEnrollTenantNotFound ", HighlightColor.RED, "AADSTS90125");
ErrorCodes AADSTS90126 = new ErrorCodes("DebugModeEnrollTenantNotInferred ", HighlightColor.RED, "AADSTS90126");
ErrorCodes AADSTS90130 = new ErrorCodes("NonConvergedAppV2GlobalEndpointNotSupported ", HighlightColor.RED, "AADSTS90130");
ErrorCodes AADSTS120000 = new ErrorCodes("PasswordChangeIncorrectCurrentPassword", HighlightColor.RED, "AADSTS120000");
ErrorCodes AADSTS120002 = new ErrorCodes("PasswordChangeInvalidNewPasswordWeak", HighlightColor.RED, "AADSTS120002");
ErrorCodes AADSTS120003 = new ErrorCodes("PasswordChangeInvalidNewPasswordContainsMemberName", HighlightColor.RED, "AADSTS120003");
ErrorCodes AADSTS120004 = new ErrorCodes("PasswordChangeOnPremComplexity", HighlightColor.RED, "AADSTS120004");
ErrorCodes AADSTS120005 = new ErrorCodes("PasswordChangeOnPremSuccessCloudFail", HighlightColor.RED, "AADSTS120005");
ErrorCodes AADSTS120008 = new ErrorCodes("PasswordChangeAsyncJobStateTerminated ", HighlightColor.RED, "AADSTS120008");
ErrorCodes AADSTS120011 = new ErrorCodes("PasswordChangeAsyncUpnInferenceFailed", HighlightColor.RED, "AADSTS120011");
ErrorCodes AADSTS120012 = new ErrorCodes("PasswordChangeNeedsToHappenOnPrem", HighlightColor.RED, "AADSTS120012");
ErrorCodes AADSTS120013 = new ErrorCodes("PasswordChangeOnPremisesConnectivityFailure", HighlightColor.RED, "AADSTS120013");
ErrorCodes AADSTS120014 = new ErrorCodes("PasswordChangeOnPremUserAccountLockedOutOrDisabled", HighlightColor.RED, "AADSTS120014");
ErrorCodes AADSTS120015 = new ErrorCodes("PasswordChangeADAdminActionRequired", HighlightColor.RED, "AADSTS120015");
ErrorCodes AADSTS120016 = new ErrorCodes("PasswordChangeUserNotFoundBySspr", HighlightColor.RED, "AADSTS120016");
ErrorCodes AADSTS120018 = new ErrorCodes("PasswordChangePasswordDoesnotComplyFuzzyPolicy", HighlightColor.RED, "AADSTS120018");
ErrorCodes AADSTS120020 = new ErrorCodes("PasswordChangeFailure", HighlightColor.RED, "AADSTS120020");
ErrorCodes AADSTS120021 = new ErrorCodes("PartnerServiceSsprInternalServiceError", HighlightColor.RED, "AADSTS120021");
ErrorCodes AADSTS130004 = new ErrorCodes("NgcKeyNotFound ", HighlightColor.RED, "AADSTS130004");
ErrorCodes AADSTS130005 = new ErrorCodes("NgcInvalidSignature ", HighlightColor.RED, "AADSTS130005");
ErrorCodes AADSTS130006 = new ErrorCodes("NgcTransportKeyNotFound ", HighlightColor.RED, "AADSTS130006");
ErrorCodes AADSTS130007 = new ErrorCodes("NgcDeviceIsDisabled ", HighlightColor.RED, "AADSTS130007");
ErrorCodes AADSTS130008 = new ErrorCodes("NgcDeviceIsNotFound ", HighlightColor.RED, "AADSTS130008");
ErrorCodes AADSTS135010 = new ErrorCodes("KeyNotFound", HighlightColor.RED, "AADSTS135010");
ErrorCodes AADSTS135011 = new ErrorCodes("Device used during the authentication is disabled.", HighlightColor.RED, "AADSTS135011");
ErrorCodes AADSTS140000 = new ErrorCodes("InvalidRequestNonce ", HighlightColor.RED, "AADSTS140000");
ErrorCodes AADSTS140001 = new ErrorCodes("InvalidSessionKey ", HighlightColor.RED, "AADSTS140001");
ErrorCodes AADSTS165900 = new ErrorCodes("InvalidApiRequest ", HighlightColor.RED, "AADSTS165900");
ErrorCodes AADSTS220450 = new ErrorCodes("UnsupportedAndroidWebViewVersion ", HighlightColor.RED, "AADSTS220450");
ErrorCodes AADSTS220501 = new ErrorCodes("InvalidCrlDownload", HighlightColor.RED, "AADSTS220501");
ErrorCodes AADSTS221000 = new ErrorCodes("DeviceOnlyTokensNotSupportedByResource ", HighlightColor.RED, "AADSTS221000");
ErrorCodes AADSTS240001 = new ErrorCodes("BulkAADJTokenUnauthorized ", HighlightColor.RED, "AADSTS240001");
ErrorCodes AADSTS240002 = new ErrorCodes("RequiredClaimIsMissing ", HighlightColor.RED, "AADSTS240002");
ErrorCodes AADSTS501621 = new ErrorCodes("ClaimsTransformationTimeoutRegularExpressionTimeout ", HighlightColor.RED, "AADSTS501621");
ErrorCodes AADSTS530032 = new ErrorCodes("BlockedByConditionalAccessOnSecurityPolicy ", HighlightColor.RED, "AADSTS530032");
ErrorCodes AADSTS700016 = new ErrorCodes("UnauthorizedClient_DoesNotMatchRequest ", HighlightColor.RED, "AADSTS700016");
ErrorCodes AADSTS700020 = new ErrorCodes("InteractionRequired ", HighlightColor.RED, "AADSTS700020");
ErrorCodes AADSTS700022 = new ErrorCodes("InvalidMultipleResourcesScope ", HighlightColor.RED, "AADSTS700022");
ErrorCodes AADSTS700023 = new ErrorCodes("InvalidResourcelessScope ", HighlightColor.RED, "AADSTS700023");
ErrorCodes AADSTS7000215 = new ErrorCodes("Invalid client secret is provided. Developer error ", HighlightColor.RED, "AADSTS7000215");
ErrorCodes AADSTS7000218 = new ErrorCodes("The request body must contain the following parameter: client_assertion or client_secret.", HighlightColor.RED, "AADSTS7000218");
ErrorCodes AADSTS7000222 = new ErrorCodes("InvalidClientSecretExpiredKeysProvided ", HighlightColor.RED, "AADSTS7000222");
ErrorCodes AADSTS700229 = new ErrorCodes("ForbiddenTokenType", HighlightColor.RED, "AADSTS700229");
ErrorCodes AADSTS700005 = new ErrorCodes("InvalidGrantRedeemAgainstWrongTenant ", HighlightColor.RED, "AADSTS700005");
ErrorCodes AADSTS1000000 = new ErrorCodes("UserNotBoundError ", HighlightColor.RED, "AADSTS1000000");
ErrorCodes AADSTS1000002 = new ErrorCodes("BindCompleteInterruptError ", HighlightColor.RED, "AADSTS1000002");
ErrorCodes AADSTS100007 = new ErrorCodes("Microsoft Entra Regional ONLY supports auth either for MSIs OR for requests from MSAL using SN+I for 1P apps or 3P apps in Microsoft infrastructure tenants.", HighlightColor.RED, "AADSTS100007");
ErrorCodes AADSTS1000031 = new ErrorCodes("Application can't be accessed at this time. Contact your administrator.", HighlightColor.RED, "AADSTS1000031");
ErrorCodes AADSTS7000112 = new ErrorCodes("UnauthorizedClientApplicationDisabled ", HighlightColor.RED, "AADSTS7000112");
ErrorCodes AADSTS9002341 = new ErrorCodes("V2Error: invalid_grant ", HighlightColor.RED, "AADSTS9002341");
ErrorCodes[] groups = {
AADSTS16000, AADSTS16001, AADSTS16002, AADSTS160021,
AADSTS16003, AADSTS17003, AADSTS20001, AADSTS20012,
AADSTS20033, AADSTS230109, AADSTS28002, AADSTS28003,
AADSTS40008, AADSTS40009, AADSTS40010, AADSTS40015,
AADSTS50000, AADSTS50001, AADSTS50002, AADSTS500011,
AADSTS500014, AADSTS500021, AADSTS500022, AADSTS50003,
AADSTS50005, AADSTS50006, AADSTS50007, AADSTS50008,
AADSTS5000819, AADSTS50010, AADSTS50011, AADSTS50012,
AADSTS50013, AADSTS500133, AADSTS50014, AADSTS50015,
AADSTS50017, AADSTS50020, AADSTS500208, AADSTS500212,
AADSTS500213, AADSTS50027, AADSTS50029, AADSTS50032,
AADSTS50033, AADSTS50034, AADSTS50042, AADSTS50043,
AADSTS50048, AADSTS50049, AADSTS50050, AADSTS50053,
AADSTS50055, AADSTS50056, AADSTS50057, AADSTS50058,
AADSTS50059, AADSTS50061, AADSTS50064, AADSTS50068,
AADSTS50070, AADSTS50071, AADSTS50072, AADSTS50074,
AADSTS50076, AADSTS50078, AADSTS50079, AADSTS50085,
AADSTS50086, AADSTS50087, AADSTS50088, AADSTS50089,
AADSTS50097, AADSTS50099, AADSTS50105, AADSTS50107,
AADSTS50120, AADSTS50124, AADSTS501241, AADSTS50125,
AADSTS50126, AADSTS50127, AADSTS50128, AADSTS50129,
AADSTS50131, AADSTS50132, AADSTS50133, AADSTS50134,
AADSTS50135, AADSTS50136, AADSTS50139, AADSTS50140,
AADSTS50143, AADSTS50144, AADSTS50146, AADSTS501461,
AADSTS50147, AADSTS501481, AADSTS501491, AADSTS50155,
AADSTS50158, AADSTS50161, AADSTS50166, AADSTS50168,
AADSTS50169, AADSTS50170, AADSTS50173, AADSTS50177,
AADSTS50178, AADSTS50180, AADSTS50187, AADSTS50192,
AADSTS50194, AADSTS50197, AADSTS50199, AADSTS51000,
AADSTS51001, AADSTS1000104, AADSTS51004, AADSTS51005,
AADSTS51006, AADSTS52004, AADSTS53000, AADSTS53001,
AADSTS53002, AADSTS53003, AADSTS530035, AADSTS53004,
AADSTS53010, AADSTS53011, AADSTS530034, AADSTS54000,
AADSTS54005, AADSTS65001, AADSTS65002, AADSTS65004,
AADSTS65005, AADSTS650052, AADSTS650054, AADSTS650057,
AADSTS67003, AADSTS70000, AADSTS70001, AADSTS700011,
AADSTS70002, AADSTS700025, AADSTS700027, AADSTS70003,
AADSTS700030, AADSTS70004, AADSTS70005, AADSTS700054,
AADSTS70007, AADSTS70008, AADSTS700082, AADSTS700084,
AADSTS70011, AADSTS70012, AADSTS70016, AADSTS70018,
AADSTS70019, AADSTS70043, AADSTS75001, AADSTS75003,
AADSTS75005, AADSTS7500514, AADSTS750054, AADSTS75008,
AADSTS75011, AADSTS75016, AADSTS76021, AADSTS76026,
AADSTS80001, AADSTS80002, AADSTS80005, AADSTS80007,
AADSTS80010, AADSTS80012, AADSTS80013, AADSTS80014,
AADSTS81004, AADSTS81005, AADSTS81006, AADSTS81007,
AADSTS81009, AADSTS81010, AADSTS81011, AADSTS81012,
AADSTS90002, AADSTS90004, AADSTS90005, AADSTS90006,
AADSTS90007, AADSTS90008, AADSTS90009, AADSTS90010,
AADSTS9001023, AADSTS90012, AADSTS90013, AADSTS90014,
AADSTS900144, AADSTS90015, AADSTS90016, AADSTS90019,
AADSTS90020, AADSTS90022, AADSTS90023, AADSTS900236,
AADSTS9002313, AADSTS9002332, AADSTS90024, AADSTS90027,
AADSTS90033, AADSTS90036, AADSTS90038, AADSTS900384,
AADSTS90043, AADSTS900432, AADSTS90051, AADSTS90055,
AADSTS90056, AADSTS900561, AADSTS90072, AADSTS90081,
AADSTS90082, AADSTS90084, AADSTS90085, AADSTS90086,
AADSTS90087, AADSTS90090, AADSTS90091, AADSTS90092,
AADSTS90093, AADSTS90094, AADSTS900382, AADSTS90095,
AADSTS90099, AADSTS900971, AADSTS90100, AADSTS901002,
AADSTS90101, AADSTS90102, AADSTS90107, AADSTS90114,
AADSTS90117, AADSTS90119, AADSTS90120, AADSTS90121,
AADSTS90123, AADSTS90124, AADSTS90125, AADSTS90126,
AADSTS90130, AADSTS120000, AADSTS120002, AADSTS120003,
AADSTS120004, AADSTS120005, AADSTS120008, AADSTS120011,
AADSTS120012, AADSTS120013, AADSTS120014, AADSTS120015,
AADSTS120016, AADSTS120018, AADSTS120020, AADSTS120021,
AADSTS130004, AADSTS130005, AADSTS130006, AADSTS130007,
AADSTS130008, AADSTS135010, AADSTS135011, AADSTS140000,
AADSTS140001, AADSTS165900, AADSTS220450, AADSTS220501,
AADSTS221000, AADSTS240001, AADSTS240002, AADSTS501621,
AADSTS530032, AADSTS700016, AADSTS700020, AADSTS700022,
AADSTS700023, AADSTS7000215, AADSTS7000218, AADSTS7000222,
AADSTS700229, AADSTS700005, AADSTS1000000, AADSTS1000002,
AADSTS100007, AADSTS1000031, AADSTS7000112, AADSTS9002341,
};
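Set<String> parsedCode = new HashSet<>();
Map<HighlightColor, Integer> colorCounts = new HashMap<>();
String combinedNotes = "";
// Items that have no response yet have nothing to scan
if (!requestResponse.hasResponse()) {
return true;
}
// Get the response body and status code
var response = requestResponse.response().bodyToString();
var responseCode = requestResponse.response().statusCode();
// Main loop to check for matches
for (ErrorCodes group : groups) {
for (String codeName : group.AADSTScode()) {
// Match the whole code only: a plain contains() lets AADSTS700022 claim a response that carries AADSTS7000222
var exactCode = java.util.regex.Pattern.compile(java.util.regex.Pattern.quote(codeName) + "(?!\\d)");
if (exactCode.matcher(response).find()) {
// strip() drops the trailing space some titles carry
parsedCode.add(group.title().strip() + ": " + codeName);
colorCounts.put(group.color(), colorCounts.getOrDefault(group.color(), 0) + 1);
requestResponse.annotations().setHighlightColor(group.color());
combinedNotes = String.join(", ", parsedCode);
requestResponse.annotations().setNotes(combinedNotes);
return true;
}
}
}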
// Save tokens to disk, post notification with ProjectDiscovery's notify.exe
/*
if (responseCode == 200) {
if (response.contains("access_token")) {
var request = requestResponse.request();
var tokenResponse = requestResponse.response().bodyToString();
var username = request.parameterValue("username", HttpParameterType.BODY);
var dec_username = utilities().urlUtils().decode(username).strip();
Runtime.getRuntime().exec("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -c echo \'"
+ tokenResponse + "\' >> C:\\Users\\shain\\Desktop\\tokens.txt");
Runtime.getRuntime().exec("C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe -c echo " +
"https://www.youtube.com/watch?v=NVIbCvfkO3E " + dec_username
+ "|E:\\Tools\\notify\\notify.exe -pc E:\\Tools\\notify\\config.yaml");
combinedNotes = "[+] Valid Credential Pair";
requestResponse.annotations().setNotes(combinedNotes);
}
}
*/
return true;
Features
- Color-Coded Error Detection: The script uses different highlight colors to visually identify errors in Burp’s interface.
- Error Coverage: Includes definitions for hundreds of AADSTS error codes, making it easy to identify specific authentication issues.
- Annotations: Adds notes to each response with the specific error codes detected.
- Special Case Handling: The AADSTS50126 code (“InvalidUserNameOrPassword”) is highlighted ORANGE; valid credential pairs will be GREEN.
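Several codes in this list are prefixes of longer ones (AADSTS700022 and AADSTS7000222, for instance), so how the body is searched decides which label a response gets. The stand-alone Java program below is an added example, not part of the original Bambda: it contrasts substring matching with extracting each full code in a single pass and looking it up. The class name, the `UnknownCode` label and the sample body are constructed for illustration.

```java
import java.util.*;
import java.util.regex.*;

public class AadstsExactMatch {
    // Titles copied from the table above; insertion order mirrors the groups array.
    static final Map<String, String> TITLES = new LinkedHashMap<>();
    static {
        TITLES.put("AADSTS50126", "InvalidUserNameOrPassword");
        TITLES.put("AADSTS700022", "InvalidMultipleResourcesScope");
        TITLES.put("AADSTS7000222", "InvalidClientSecretExpiredKeysProvided");
    }

    // One token per error code: the prefix followed by all of its digits.
    static final Pattern CODE = Pattern.compile("AADSTS\\d+");

    // Substring search, first hit wins: a short code shadows every longer code it prefixes.
    static String firstSubstringHit(String body) {
        for (Map.Entry<String, String> e : TITLES.entrySet()) {
            if (body.contains(e.getKey())) {
                return e.getValue() + ": " + e.getKey();
            }
        }
        return null;
    }

    // Extract each full code once, then look it up; codes missing from the table stay visible.
    static List<String> exactHits(String body) {
        Set<String> hits = new LinkedHashSet<>();
        Matcher m = CODE.matcher(body);
        while (m.find()) {
            String code = m.group();
            // "UnknownCode" is a hypothetical label for codes the table does not define.
            hits.add(TITLES.getOrDefault(code, "UnknownCode") + ": " + code);
        }
        return new ArrayList<>(hits);
    }

    public static void main(String[] args) {
        // Constructed sample body, not a captured response.
        String body = "{\"error\":\"invalid_client\",\"error_description\":"
            + "\"AADSTS7000222: The provided client secret keys are expired.\"}";
        System.out.println("substring: " + firstSubstringHit(body));
        System.out.println("exact:     " + exactHits(body));
    }
}
```

A single regex pass also replaces one `contains` scan per table entry with one scan per response, and it collects every distinct code in the body instead of stopping at the first.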
Application
This Bambda is particularly useful for:
- Authentication security testing
- Password spraying attacks
- Conditional access bypass testing
- OAuth/OIDC flow debugging
- Identifying account lockout policies
Un-comment the code at the bottom (and modify the path) to exfil tokens, although I would recommend using something self-hosted rather than Discord for anything other than testing.