JWS action mismatch
ERR-P01-IDT-1011 - JWS action mismatch
Section titled “ERR-P01-IDT-1011 - JWS action mismatch”Summary
Section titled “Summary”A body-signed request’s payload declares an action that does not match the endpoint it was sent to.
When this is raised
Section titled “When this is raised”- The JWS payload’s action/purpose claim (e.g.
rotate-key) does not match the route being called (DELETE /v1/agent/mevs.POST /v1/agent/me/rotate-key). - This binds each signed request to a single intended operation so a JWS minted for one action cannot be redirected to another.
What to do
Section titled “What to do”- Mint the JWS with the action claim that matches the endpoint you are calling.
- Do not reuse a JWS across the rotate-key and self-revoke endpoints - sign a fresh payload per action.
Server-side cause
Section titled “Server-side cause”- Reserved - will be raised by the
/v1/agent/merotate-key / self-revoke flow; not yet wired (packages/identity/src/service/me.ts, whererotateKeyandselfRevokecurrently thrownot implemented).
Example response
Section titled “Example response”{ "type": "https://citizenry.id/errors/ERR-P01-IDT-1011", "title": "Unauthorized", "status": 401, "code": "ERR-P01-IDT-1011", "message": "payload action does not match this endpoint", "method": "DELETE", "instance": "/v1/agent/me", "request_url": "https://api.citizenry.id/v1/agent/me", "timestamp": "2026-05-17T07:00:00.000Z"}Related codes
Section titled “Related codes”ERR-P01-IDT-1010- JWS replay.ERR-P01-IDT-1012- JWS lifetime exceeded.
Changelog
Section titled “Changelog”- 0.1.0 - introduced.