Certification Team Query: error messages shown by OPs

Issue #434 open
Joseph Heenan created an issue

The certification team would appreciate any guidance from the working group on acceptable error messages when we’re reviewing certification submissions.

For example, we have a test:

This test uses an unregistered redirect uri. The authorization server should display an error saying the redirect uri is invalid, a screenshot of which should be uploaded

In a large number of the submissions we get, the error message does not meet that criteria, I believe on the grounds that it was viewed as ‘too technical’ to show to end users.

For FAPI submissions we’ve always adopted a position where error messages must at least “not be factually incorrect”. So for example “A problem occurred on our service, try again” is regarded as factually incorrect, but “Something went wrong.” is (just) regarded as okay.

We’re seeing “Something went wrong, please try again” commonly recently and aren’t sure whether to accept that.

Comments (4)

  1. Joseph Heenan reporter

    For the immediate question of whether “Something went wrong, please try again” is acceptable, I came to the conclusion that our “factually correct” criteria should be “factually correct when read by an end user and a relying party developer”, meaning the “please try again” is not acceptable as this wouldn’t solve an incorrect redirect uri problem for the RP developer.

    We still welcome any WG feedback; either simply endorsing the current policy or suggestions on improvements would both be greatly appreciated.

  2. Serkan Özkan

    We’re seeing “Something went wrong, please try again” commonly recently and aren’t sure whether to accept that.

    We are actually seeing “Something went wrong, please try again later” (note the “later”) which in my opinion is an appropriate error message and should be accepted. Because when something is wrong the end user should be provided with an action. “Something went wrong” ok but what should the end user do? Should they contact support? Did they do something wrong or was it a system error? Is it going to be fixed? etc…

    “Try again later” implies a system error which might be fixed without the user taking any action. For example, in case of an invalid redirect uri, someone will notice and fix it and if the user tries again later, e.g. tomorrow, it may just work.

    I think the WG should allow “please try again later” in error messages.
