Archived 2022.11.20. Content moved to error scenarios and responses.
Question
What is the precedence of the following scenarios, when determining the error response?
- expired/invalid access token
- expired/invalid/revoked consent
- invalid Software Product status (Inactive, Removed)
- invalid ADR status (Suspended, Revoked, Surrendered)
Answer
This is not defined by the Consumer Data Standards. The choice of precedence is implementation specific. That said, it would make sense to consider coarse-grained errors first. For example, validate the ADR status before the Software Product status, or ensure the Access Token (AT) is valid before validating consent.
Comments
0 comments
Please sign in to leave a comment.