Skip to content

Updates to error handling #135

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Aug 12, 2025
Merged

Updates to error handling #135

merged 2 commits into from
Aug 12, 2025
+8 −3

Conversation

panva
Copy link
Member

@panva panva commented Jul 12, 2025

Additional to #131 this updates the error section a bit more since it is referenced from later Token and PAR endpoint sections and linking to RFC6750 error handling is just not right then.

Making use_attestation_challenge a MUST use when challenge validations fail just makes sense and having to have it accompanied by OAuth-Client-Attestation-Challenge as well. I don't mind defining invalid_client_attestation but only as a MAY because on the AS authenticated endpoints the convention is already invalid_client for client authentication failures, for the RS responses it's probably fine.

closes #131

@panva panva mentioned this pull request Jul 12, 2025
Closed
tplooker
tplooker reviewed Jul 13, 2025
View reviewed changes
tplooker
tplooker reviewed Jul 13, 2025
View reviewed changes
@tplooker
Copy link
Collaborator

Approved, but then had a couple of suggestions to add.

c2bo
c2bo approved these changes Jul 30, 2025
View reviewed changes
Copy link
Member

@c2bo c2bo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you add an entry to the document history? Looks good otherwise imho

@c2bo
Copy link
Member

c2bo commented Jul 30, 2025

Supersedes #132

paulbastian
paulbastian reviewed Aug 5, 2025
View reviewed changes
Copy link
Collaborator

@paulbastian paulbastian left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

approved., history missing and let's not forget to add Micha to acknowledgments from #132

@paulbastian paulbastian merged commit edd887a into oauth-wg:main Aug 12, 2025
1 check passed
@panva panva deleted the update-error-responses branch August 12, 2025 06:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tplooker tplooker tplooker approved these changes

@c2bo c2bo c2bo approved these changes

@paulbastian paulbastian paulbastian approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Dedicated error code for missing client attestation
4 participants
@panva @tplooker @c2bo @paulbastian