Fix description of error code for invalid state #182

Merged
23 changes: 21 additions & 2 deletions openid-sharedsignals-framework-1_0.md
Expand Up @@ -1761,8 +1761,8 @@ sub_id
Upon receiving a Verification Event, the Event Receiver SHALL parse the SET and
validate its claims. In particular, the Event Receiver SHALL confirm that the
value for "state" is as expected. If the value of "state" does not match, an
error response of "setData" SHOULD be returned (see Section 2.3 of
{{RFC8935}} or {{RFC8936}}).
error response with the "err" field set to "invalid_state" SHOULD be returned (see Section 2.4 of

@FragLegs I feel we should link 2.3 from RFC8935 or an example

```
HTTP/1.1 400 Bad Request
Content-Language: en-US
Content-Type: application/json

{
  "err": "invalid_state",
  "description": "verification event contained \"state\" claim not expected by the receiver"
}
```

{{RFC8935}} or Section 2.4.4 of {{RFC8936}}).

In many cases, Event Transmitters MAY disable or suspend an Event Stream that
fails to successfully verify based on the acknowledgement or lack of
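
Review bot: The condition in the rewritten sentence, 'If the value of "state" does not match', only covers a "state" claim that is present but different; it leaves open whether a Verification Event that omits "state" when the Event Receiver expected one, or carries one when none was expected, also gets "invalid_state". Since the preceding sentence requires the Receiver to confirm that "state" is as expected, suggest naming those cases explicitly. The two references are also now asymmetric (Section 2.4 of {{RFC8935}}, Section 2.4.4 of {{RFC8936}}), and the inline comment asks for the Section 2.3 link or an example, so a short example error body in the text would address both.
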
Expand Down Expand Up @@ -2188,6 +2188,25 @@ Subject Identifiers for Security Event Tokens {{RFC9493}} specification.
The `ssf-configuration` well-known endpoint is registered in IANA's Well-Known URIs
registry, as defined by {{RFC8615}}.

IANA is asked to assign the error code "invalid_state", as defined in {{verification-event}}, to the
Security Event Token Error Codes section of the Security Event Token registry, as defined
in Section 7.1 of {{RFC8935}}. The following information is provided as required by the
registration template:

Error Code

> invalid_state

Description

> Indicates that a Verification event contained a "state" claim that does not

To align with other SSF error code descriptions, suggesting the following:

The SSF verification event contained "state" claim not expected by the receiver

match the value expected by the Receiver.

Change Controller

> OpenID - Shared Signals Working Group


--- back

# Acknowledgements
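
Review bot: The registration entry lists Error Code, Description and Change Controller but gives no pointer back to the defining text; if the template in Section 7.1 of {{RFC8935}} has a reference field, add one pointing at {{verification-event}}. The Description also writes "Verification event" and "Receiver" where the first hunk uses "Verification Event" and "Event Receiver"; pick one form throughout, and consider the shorter wording proposed in the inline comment.
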