invalid_password Invalid Password — SQLSTATE 28P01

Authentication failed because the password was wrong.

• The error is written to the server log and returned to the client carrying SQLSTATE 28P01.
• Any driver (libpq, JDBC, psycopg, npgsql, pgx) surfaces this code in its error object so you can branch on it programmatically.
• PL/pgSQL can trap it by name: EXCEPTION WHEN invalid_password THEN.

Severity: ERROR  |  PostgreSQL versions: 12, 13, 14, 15, 16, 17

Reproduce with the exact statement and read the full message in the server log (raise log_min_messages / set log_min_error_statement for more context).

The supplied password did not match, or the auth method and stored credential are misaligned.

Common causes:

• A wrong password.
• The role uses a different method in pg_hba.conf than the client expects.
• Password stored as md5 while the client negotiates scram (or the reverse).
• An expired password (VALID UNTIL).

Steps to resolve 28P01:

1. Set password_encryption = scram-sha-256, then reset: ALTER ROLE name PASSWORD '...';.
2. Align the pg_hba.conf auth method with the client and reload.
3. Check that VALID UNTIL has not expired.
4. Confirm the role and database names are correct.

Reference: PostgreSQL error codes — Class 28 (Invalid Authorization Specification).