PEP 807: use RFC 9457 for error responses

peps/pep-0807.rst

@@ -125,6 +125,11 @@ apply to all parts of this PEP's specification:
   Receiving servers **SHOULD** respond with a ``406 Not Acceptable``
   status code if any other ``Accept`` header is present.
 
+* Unless otherwise specified, all error (4xx and 5xx) responses from the server
+  **MUST** use the :rfc:`9457` (Problem Details for HTTP APIs) format.
+  In particular, the server **MUST** use the "Problem Details JSON Object"
+  defined in :rfc:`Section 3 <9457#section-3>` and **SHOULD** use
+  the ``application/problem+json`` media type in its responses.
 
 Trusted Publishing Discovery
 ----------------------------
@@ -189,16 +194,10 @@ The discovery mechanism is as follows:
 
 If the server does not support Trusted Publishing for the given
 upload URL, it **MUST** respond with a ``404 Not Found`` status code.
-When responding with a ``404 Not Found``, the server **SHOULD NOT**
-include a response body. If a response body is included, it **MUST**
-be ignored by the client.
 
 Servers **MAY** additionally respond with any other standard HTTP
-error code in the 400 or 500 range to indicate an error condition.
-
-Non-``200 OK``, non-``404 Not Found`` responses **MAY** include a body which,
-if present, **MUST** be a JSON object containing an
-`Error Response <Error Responses_>`__.
+error code in the 400 or 500 range to indicate an appropriate error
+condition.
 
 Trusted Publishing Token Exchange
 ---------------------------------
@@ -233,11 +232,8 @@ containing a JSON object with the following field:
 
 - ``audience``: a string containing the expected OIDC audience.
 
-On failure, the server **MUST** respond with any standard HTTP
-error code in the 400 or 500 range to indicate an error condition.
-Failure responses **MAY** include a body which, if present,
-**MUST** be a JSON object containing an
-`Error Response <Error Responses_>`__.
+On failure, the server **MUST** respond with a standard HTTP
+error code in the 400 or 500 range to indicate the appropriate error condition.
 
 Token Minting
 ~~~~~~~~~~~~~
@@ -277,29 +273,7 @@ containing a JSON object with the following fields:
   above) to determine when to refresh the upload credential, if needed.
 
 On failure, the server **MUST** respond with any standard HTTP
-error code in the 400 or 500 range to indicate an error condition.
-Failure responses **MUST** include a body which, if present,
-**MUST** be a JSON object containing an `Error Response <Error Responses_>`__.
-
-Error Responses
----------------
-
-When an error response body is included, it **MUST** be a JSON object
-containing the following fields:
-
-- ``message``: a string containing a short, high-level
-    human-readable summary of the error.
-
-- ``errors``: an array of one or more objects, each containing
-    the following fields:
-
-    - ``code``: a string containing a machine-readable error code.
-    - ``description``: a string containing a human-readable
-      description of the error.
-
-This PEP does not specify any particular error codes. Clients **SHOULD NOT**
-assume that error codes are consistent across different indices, and instead
-**MUST** treat error codes as opaque strings.
+error code in the 400 or 500 range to indicate the appropriate error condition.
 
 Security Implications
 =====================
@@ -417,7 +391,7 @@ Footnotes
 
 .. [#fn-hash]
 
-   The discovery key may be computed thus:
+   The discovery key may be computed thusly:
 
    .. code-block:: pycon