Error codes for HTTP Message Signatures-related errors
Issue #719
new
It may be worth considering defining new error codes for HTTP message signature verification errors.
RFC 9449 OAuth 2.0 Demonstrating Proof of Possession (DPoP) has defined invalid_dpop_proof and use_dpop_nonce error codes for DPoP-related errors. Similarly, OAuth-aware applications using HTTP Message Signatures may want dedicated error codes for HTTP Message Signatures-related errors. For example, invalid_http_message_signature.
Without such dedicated error codes, the userinfo endpoint implementation I’m working on will eventually return invalid_request for HTTP message signature verification errors, as there doesn’t seem to be any more appropriate error code among the currently available ones.