@@ -125,6 +125,11 @@ apply to all parts of this PEP's specification:
125125 Receiving servers **SHOULD ** respond with a ``406 Not Acceptable ``
126126 status code if any other ``Accept `` header is present.
127127
128+ * Unless otherwise specified, all error (4xx and 5xx) responses from the server
129+ **MUST ** use the :rfc: `9457 ` (Problem Details for HTTP APIs) format.
130+ In particular, the server **MUST ** use the "Problem Details JSON Object"
131+ defined in :rfc: `Section 3 <9457#section-3 >` and **SHOULD ** use
132+ the ``application/problem+json `` media type in its responses.
128133
129134Trusted Publishing Discovery
130135----------------------------
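Review bot: The added bullet makes the "Problem Details JSON Object" a **MUST** but the ``application/problem+json`` media type only a **SHOULD**, so a client cannot use ``Content-Type`` alone to decide whether an error body is a problem document. Either raise the media type to **MUST**, or say what a client does with a 4xx/5xx body that arrives under a different content type (for example, ignore the body and act on the status code only). The bullet also sits directly after the ``406 Not Acceptable`` rule, and it would help to state whether that 406 is itself expected in this format.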
@@ -189,16 +194,10 @@ The discovery mechanism is as follows:
189194
190195 If the server does not support Trusted Publishing for the given
191196upload URL, it **MUST ** respond with a ``404 Not Found `` status code.
192- When responding with a ``404 Not Found ``, the server **SHOULD NOT **
193- include a response body. If a response body is included, it **MUST **
194- be ignored by the client.
195197
196198Servers **MAY ** additionally respond with any other standard HTTP
197- error code in the 400 or 500 range to indicate an error condition.
198-
199- Non-``200 OK ``, non-``404 Not Found `` responses **MAY ** include a body which,
200- if present, **MUST ** be a JSON object containing an
201- `Error Response <Error Responses _>`__.
199+ error code in the 400 or 500 range to indicate an appropriate error
200+ condition.
202201
203202Trusted Publishing Token Exchange
204203---------------------------------
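Review bot: Dropping the lines that said a ``404 Not Found`` body **SHOULD NOT** be sent and **MUST** be ignored by the client leaves the discovery 404 covered only by the new global RFC 9457 rule. A 404 is also what a client gets from an index that does not implement this PEP at all, where the body can be anything, so discovery should not depend on parsing it. Suggest keeping one sentence here stating that clients **MUST** treat a ``404 Not Found`` as "not supported" regardless of any response body. The replacement text "an appropriate error condition" also gives no pointer to the format requirement, and a short cross-reference would help readers who land on this section directly.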
@@ -233,11 +232,8 @@ containing a JSON object with the following field:
233232
234233- ``audience ``: a string containing the expected OIDC audience.
235234
236- On failure, the server **MUST ** respond with any standard HTTP
237- error code in the 400 or 500 range to indicate an error condition.
238- Failure responses **MAY ** include a body which, if present,
239- **MUST ** be a JSON object containing an
240- `Error Response <Error Responses _>`__.
235+ On failure, the server **MUST ** respond with a standard HTTP
236+ error code in the 400 or 500 range to indicate the appropriate error condition.
241237
242238Token Minting
243239~~~~~~~~~~~~~
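Review bot: The new failure sentence here reads "a standard HTTP error code" while the equivalent sentence under Token Minting still reads "any standard HTTP error code", so the two **MUST** clauses no longer match. Pick one wording for both. With the link to the old error response definition removed, this paragraph no longer tells the reader what the failure body looks like, so a brief reference back to the RFC 9457 requirement in the general section would keep the section self-contained.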
@@ -277,29 +273,7 @@ containing a JSON object with the following fields:
277273 above) to determine when to refresh the upload credential, if needed.
278274
279275On failure, the server **MUST ** respond with any standard HTTP
280- error code in the 400 or 500 range to indicate an error condition.
281- Failure responses **MUST ** include a body which, if present,
282- **MUST ** be a JSON object containing an `Error Response <Error Responses _>`__.
283-
284- Error Responses
285- ---------------
286-
287- When an error response body is included, it **MUST ** be a JSON object
288- containing the following fields:
289- <
CB7E
/div>
290- - ``message ``: a string containing a short, high-level
291- human-readable summary of the error.
292-
293- - ``errors ``: an array of one or more objects, each containing
294- the following fields:
295-
296- - ``code ``: a string containing a machine-readable error code.
297- - ``description ``: a string containing a human-readable
298- description of the error.
299-
300- This PEP does not specify any particular error codes. Clients **SHOULD NOT **
301- assume that error codes are consistent across different indices, and instead
302- **MUST ** treat error codes as opaque strings.
276+ error code in the 400 or 500 range to indicate the appropriate error condition.
303277
304278Security Implications
305279=====================
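Review bot: Removing the Error Responses section also removes the rule that clients **SHOULD NOT** assume error codes are consistent across indices and **MUST** treat them as opaque strings, and nothing in the replacement line carries that over. RFC 9457 problem documents have a ``type`` member and allow extension members, which clients could start matching on in the same way. Suggest restating the rule for the new format, for example that this PEP defines no problem types and that clients **MUST NOT** assume ``type`` values are consistent across indices. It is also worth noting in the text that the ``message`` and ``errors`` fields are gone, since a client written against the earlier draft would look for them.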
@@ -417,7 +391,7 @@ Footnotes
417391
418392.. [#fn-hash ]
419393
420- The discovery key may be computed thus :
394+ The discovery key may be computed thusly :
421395
422396 .. code-block :: pycon
423397
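Review bot: In the footnote, "thusly" replaces "thus", which was already correct; "thusly" is a nonstandard form. Suggest reverting to "thus" or using "as follows".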