Verification window expired
ERR-P01-IDT-0410 - Verification window expired
Section titled “ERR-P01-IDT-0410 - Verification window expired”Summary
Section titled “Summary”A time-boxed verification artifact (e.g. an email verification code) has aged out and can no longer be redeemed.
When this is raised
Section titled “When this is raised”- Reserved for the case where a verification window has demonstrably elapsed and the server is willing to say so explicitly.
- Note: on the live humans flow, an expired verification code does not
surface this code -
POST /v1/humans/verifydeliberately collapses every failure (no row / wrong code / expired window) into the single oracle-safeERR-P01-IDT-1100to avoid leaking which emails exist. This 410 is therefore reserved for non-enumeration-sensitive windows.
What to do
Section titled “What to do”- Request a fresh code via
POST /v1/humans/rotateand submit the new one within the 30-minute window. - Do not retry the expired code - it is permanently consumed.
Server-side cause
Section titled “Server-side cause”- Reserved - not currently emitted. The expired-window branch of
packages/identity/src/service/human.ts(verify, thev.expiresAt <= nowcheck) intentionally throwsinvalid_credentials(ERR-P01-IDT-1100) instead, for enumeration safety. Declared inpackages/spec/identity/errors.tspas the generic 410.
Example response
Section titled “Example response”{ "type": "https://citizenry.id/errors/ERR-P01-IDT-0410", "title": "Gone", "status": 410, "code": "ERR-P01-IDT-0410", "message": "verification window has expired", "method": "POST", "instance": "/v1/humans/verify", "request_url": "https://api.citizenry.id/v1/humans/verify", "timestamp": "2026-05-17T07:00:00.000Z"}Related codes
Section titled “Related codes”ERR-P01-IDT-1100- human verification code invalid (whatverifyactually emits for expiry, oracle-safe).ERR-P01-IDT-0429- rate limited.
Changelog
Section titled “Changelog”- 0.1.0 - introduced.