Skip to main content

ProofErrorReasons Class

Abblix.Oidc.Server

Abblix.Oidc.Server.Features.DPoP

ProofErrorReasons Class

Stable, machine-friendly reason tokens that Abblix.Oidc.Server.Features.DPoP.ProofValidator assigns to Reason for log filters and metric labels. These are the internal fine-grained failure categories; the OAuth-protocol-level error code surfaced to clients is always invalid_dpop_proof (or use_dpop_nonce for the nonce-required path) regardless of which of these matched.

public static class ProofErrorReasons

Inheritance System.Object → ProofErrorReasons

Fields

ProofErrorReasons.AccessTokenHashMismatch Field

Payload ath does not match Base64Url(SHA-256(access_token)).

public const string AccessTokenHashMismatch = "ath_mismatch";

Field Value

System.String

ProofErrorReasons.AccessTokenHashMissing Field

Payload ath claim is required (an access token is presented) but missing.

public const string AccessTokenHashMissing = "ath_missing";

Field Value

System.String

ProofErrorReasons.HttpMethodMismatch Field

Payload htm does not match the request method.

public const string HttpMethodMismatch = "htm_mismatch";

Field Value

System.String

ProofErrorReasons.HttpUriInvalid Field

Payload htu is not a valid absolute URI.

public const string HttpUriInvalid = "htu_invalid";

Field Value

System.String

ProofErrorReasons.HttpUriMismatch Field

Payload htu does not match the request URI after RFC 3986 §6.2 canonicalisation.

public const string HttpUriMismatch = "htu_mismatch";

Field Value

System.String

ProofErrorReasons.HttpUriMissing Field

Payload htu claim is missing.

public const string HttpUriMissing = "htu_missing";

Field Value

System.String

ProofErrorReasons.InvalidAlgorithm Field

Header alg is missing, not asymmetric, or not in the configured whitelist.

public const string InvalidAlgorithm = "invalid_alg";

Field Value

System.String

ProofErrorReasons.InvalidJwk Field

Header jwk is missing, malformed, or contains private-key material.

public const string InvalidJwk = "invalid_jwk";

Field Value

System.String

ProofErrorReasons.InvalidTokenType Field

Header typ is not dpop+jwt.

public const string InvalidTokenType = "invalid_typ";

Field Value

System.String

ProofErrorReasons.IssuedAtInvalid Field

Payload iat is not a Unix-time numeric.

public const string IssuedAtInvalid = "iat_invalid";

Field Value

System.String

ProofErrorReasons.IssuedAtMissing Field

Payload iat claim is missing.

public const string IssuedAtMissing = "iat_missing";

Field Value

System.String

ProofErrorReasons.IssuedAtOutOfWindow Field

Payload iat falls outside the configured tolerance window around the current time.

public const string IssuedAtOutOfWindow = "iat_out_of_window";

Field Value

System.String

ProofErrorReasons.JwtIdMissing Field

Payload jti claim is missing.

public const string JwtIdMissing = "jti_missing";

Field Value

System.String

ProofErrorReasons.MalformedJwt Field

JWS compact form is not three dot-separated segments, base64url-decode failed, or the header/payload is not a JSON object.

public const string MalformedJwt = "malformed_jwt";

Field Value

System.String

ProofErrorReasons.ReplayDetected Field

Payload jti has already been used within the acceptance window.

public const string ReplayDetected = "replay_detected";

Field Value

System.String

ProofErrorReasons.SignatureInvalid Field

JWS signature does not verify under the embedded jwk.

public const string SignatureInvalid = "signature_invalid";

Field Value

System.String