[Openid-specs-fapi] Issue #434: Certification Team Query: error messages shown by OPs (openid/fapi)
issues-reply at bitbucket.org
Wed Aug 11 14:52:52 UTC 2021
New issue 434: Certification Team Query: error messages shown by OPs
The certification team would appreciate any guidance from the working group on acceptable error messages when we’re reviewing certification submissions.
For example, we have a test:
> `This test uses an unregistered redirect uri. The authorization server should display an error saying the redirect uri is invalid, a screenshot of which should be uploaded`
In a large number of the submissions we get, the error message does not meet that criterion, I believe on the grounds that it was viewed as ‘too technical’ to show to end users.
For FAPI submissions we’ve always adopted a position where error messages must at least “not be factually incorrect”. So for example “A problem occurred on our service, try again” is regarded as factually incorrect, but “Something went wrong.” is (just) regarded as okay.
We’re seeing “Something when wrong, please try again” commonly recently and aren’t sure whether to accept that.