ProofErrorReasons Class
Abblix.Oidc.Server
Abblix.Oidc.Server.Features.DPoP
ProofErrorReasons Class
Stable, machine-friendly reason tokens that Abblix.Oidc.Server.Features.DPoP.ProofValidator assigns to
Reason for log filters and metric labels. These are the
internal fine-grained failure categories; the OAuth-protocol-level error code surfaced
to clients is always invalid_dpop_proof (or use_dpop_nonce for the
nonce-required path) regardless of which of these matched.
public static class ProofErrorReasons
Inheritance System.Object → ProofErrorReasons
Fields
ProofErrorReasons.AccessTokenHashMismatch Field
Payload ath does not match Base64Url(SHA-256(access_token)).
public const string AccessTokenHashMismatch = "ath_mismatch";
Field Value
ProofErrorReasons.AccessTokenHashMissing Field
Payload ath claim is required (an access token is presented) but missing.
public const string AccessTokenHashMissing = "ath_missing";
Field Value
ProofErrorReasons.HttpMethodMismatch Field
Payload htm does not match the request method.
public const string HttpMethodMismatch = "htm_mismatch";
Field Value
ProofErrorReasons.HttpUriInvalid Field
Payload htu is not a valid absolute URI.
public const string HttpUriInvalid = "htu_invalid";
Field Value
ProofErrorReasons.HttpUriMismatch Field
Payload htu does not match the request URI after RFC 3986 §6.2 canonicalisation.
public const string HttpUriMismatch = "htu_mismatch";
Field Value
ProofErrorReasons.HttpUriMissing Field
Payload htu claim is missing.
public const string HttpUriMissing = "htu_missing";
Field Value
ProofErrorReasons.InvalidAlgorithm Field
Header alg is missing, not asymmetric, or not in the configured whitelist.
public const string InvalidAlgorithm = "invalid_alg";
Field Value
ProofErrorReasons.InvalidJwk Field
Header jwk is missing, malformed, or contains private-key material.
public const string InvalidJwk = "invalid_jwk";
Field Value
ProofErrorReasons.InvalidTokenType Field
Header typ is not dpop+jwt.
public const string InvalidTokenType = "invalid_typ";
Field Value
ProofErrorReasons.IssuedAtInvalid Field
Payload iat is not a Unix-time numeric.
public const string IssuedAtInvalid = "iat_invalid";
Field Value
ProofErrorReasons.IssuedAtMissing Field
Payload iat claim is missing.
public const string IssuedAtMissing = "iat_missing";
Field Value
ProofErrorReasons.IssuedAtOutOfWindow Field
Payload iat falls outside the configured tolerance window around the current time.
public const string IssuedAtOutOfWindow = "iat_out_of_window";
Field Value
ProofErrorReasons.JwtIdMissing Field
Payload jti claim is missing.
public const string JwtIdMissing = "jti_missing";
Field Value
ProofErrorReasons.MalformedJwt Field
JWS compact form is not three dot-separated segments, base64url-decode failed, or the header/payload is not a JSON object.
public const string MalformedJwt = "malformed_jwt";
Field Value
ProofErrorReasons.ReplayDetected Field
Payload jti has already been used within the acceptance window.
public const string ReplayDetected = "replay_detected";
Field Value
ProofErrorReasons.SignatureInvalid Field
JWS signature does not verify under the embedded jwk.
public const string SignatureInvalid = "signature_invalid";