Merge pull request #332 from openid/mbj-existing-error-values

selfissued · web-flow · commit a1a2aa5ae623 · 2026-02-15T18:10:06.000+01:00
Reference existing error values
diff --git a/openid-federation-1_0.xml b/openid-federation-1_0.xml
@@ -26,7 +26,7 @@
 
   <front>
     <title abbrev="OpenID Federation">OpenID Federation 1.0 -
-      draft 48
+      draft 49
     </title>
 
     <author fullname="Roland Hedberg" initials="R." role="editor"
@@ -78,7 +78,7 @@
       </address>
     </author>
 
-    <date day="1" month="February" year="2026"/>
+    <date day="9" month="February" year="2026"/>
 
     <workgroup>OpenID Connect Working Group</workgroup>
 
@@ -5728,15 +5728,33 @@ Host: trust-anchor.example.com
 	      REQUIRED.
 	      Error codes in the IANA "OAuth Extensions Error Registry"
 	      <xref target="IANA.OAuth.Parameters"/> MAY be used.
+	      In particular, these existing error codes are used by this specification:
+	      <list style="hanging">
+		<t hangText="invalid_request">
+		  <vspace/>
+		  The request is incomplete or does
+		  not comply with current specifications.
+		  The HTTP response status code SHOULD be 400 (Bad Request).
+		</t>
+		<t hangText="server_error">
+		  <vspace/>
+		  The server encountered an unexpected
+		  condition that prevented it from fulfilling the request.
+		  The HTTP response status code SHOULD be one in the 5xx range,
+		  like 500 (Internal Server Error).
+		</t>
+		<t hangText="temporarily_unavailable">
+		  <vspace/>
+		  The server hosting the federation endpoint
+		  is currently unable to handle
+		  the request due to temporary overloading or maintenance.
+		  The HTTP response status code SHOULD be 503 (Service Unavailable).
+		</t>
+	      </list>
+
 	      This specification also defines the following error codes:
 
               <list style="hanging">
-                <t hangText="invalid_request">
-                  <vspace/>
-                  The request is incomplete or does
-                  not comply with current specifications.
-                  The HTTP response status code SHOULD be 400 (Bad Request).
-                </t>
                 <t hangText="invalid_client">
                   <vspace/>
                   The Client cannot be authorized or is not
@@ -5773,20 +5791,6 @@ Host: trust-anchor.example.com
                   The requested Entity Identifier cannot be found.
                   The HTTP response status code SHOULD be 404 (Not Found).
                 </t>
-                <t hangText="server_error">
-                  <vspace/>
-                  The server encountered an unexpected
-                  condition that prevented it from fulfilling the request.
-                  The HTTP response status code SHOULD be one in the 5xx range,
-                  like 500 (Internal Server Error).
-                </t>
-                <t hangText="temporarily_unavailable">
-                  <vspace/>
-                  The server hosting the federation endpoint
-                  is currently unable to handle
-                  the request due to temporary overloading or maintenance.
-                  The HTTP response status code SHOULD be 503 (Service Unavailable).
-                </t>
                 <t hangText="unsupported_parameter">
                   <vspace/>
                   The server does not support the requested parameter.
@@ -8929,17 +8933,6 @@ HTTP/1.1 302 Found
 
           <t>
             <?rfc subcompact="yes"?>
-            <list style="symbols">
-              <t>Name: invalid_request</t>
-              <t>Usage Location: authorization endpoint</t>
-              <t>Protocol Extension: OpenID Federation</t>
-              <t>
-                Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net
-              </t>
-              <t>Reference: <xref target="error_response"/> of this specification</t>
-            </list>
-          </t>
-          <t>
             <list style="symbols">
               <t>Name: invalid_client</t>
               <t>Usage Location: authorization endpoint</t>
@@ -9016,28 +9009,6 @@ HTTP/1.1 302 Found
               <t>Reference: <xref target="error_response"/> of this specification</t>
             </list>
           </t>
-          <t>
-            <list style="symbols">
-              <t>Name: server_error</t>
-              <t>Usage Location: authorization endpoint</t>
-              <t>Protocol Extension: OpenID Federation</t>
-              <t>
-                Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net
-              </t>
-              <t>Reference: <xref target="error_response"/> of this specification</t>
-            </list>
-          </t>
-          <t>
-            <list style="symbols">
-              <t>Name: temporarily_unavailable</t>
-              <t>Usage Location: authorization endpoint</t>
-              <t>Protocol Extension: OpenID Federation</t>
-              <t>
-                Change Controller: OpenID Foundation Artifact Binding Working Group - openid-specs-ab@lists.openid.net
-              </t>
-              <t>Reference: <xref target="error_response"/> of this specification</t>
-            </list>
-          </t>
           <t>
             <list style="symbols">
               <t>Name: unsupported_parameter</t>
@@ -11680,6 +11651,16 @@ Host: op.umu.se
     <section anchor="History" title="Document History">
       <t>[[ To be removed from the final specification ]]</t>
 
+      <t>
+	-49
+	<list style="symbols">
+	  <t>
+	    Reference, rather than define, the existing error values
+	    invalid_request, server_error, and temporarily_unavailable.
+	  </t>
+	</list>
+      </t>
+
       <t>
 	-48
 	<list style="symbols">
