If a request from an API client includes an action ID that does not match any actions available in the current state, it is best practice to return an error to the client.
After checking all the possible actions, if none match and the request's action ID is not null,
the adapter can throw an
AuthnErrorException. The adapter catches this
exception and writes an error to the API response.
if (apiSupport.getActionId(req) != null)
// An action ID was provided but it does not match one of those expected in the current state.
throw new AuthnErrorException(CommonErrorSpec.INVALID_ACTION_ID.makeInstance());