[OAUTH-WG] Re: DPoP: which error code for ath or public key mismatch?

Hello Thomas, I believe Figure 16 (which is not normative) could be updated with an errata to use invalid_dpop_proof. S pozdravem, *Filip Skokan* On Sat, 8 Mar 2025 at 18:46, Thomas Broyer wrote: > Hi, > > I'm looking at DPoP (RFC9449) and wondering which error code should be > used by a reso

[OAUTH-WG] DPoP: which error code for ath or public key mismatch?

Hi, I'm looking at DPoP (RFC9449) and wondering which error code should be used by a resource server when the ath or public key don't match. In Section 7.1, 'error' is defined with > Additionally, invalid_dpop_proof is used to indicate that the DPoP proof itself was deemed invalid based on the c