JWK invalid
ERR-P01-IDT-2001 - JWK invalid
Section titled “ERR-P01-IDT-2001 - JWK invalid”Summary
Section titled “Summary”The supplied Ed25519 signing public key (public_key_jwk) is malformed.
When this is raised
Section titled “When this is raised”- On
POST /v1/agent/register(client-supplied-key path), thepublic_key_jwkfails Ed25519 JWK validation:- not an object,
ktynot"OKP",crvnot"Ed25519",xmissing / not a base64url string,xdoes not decode to exactly 32 bytes.
What to do
Section titled “What to do”- Send a well-formed RFC 8037 Ed25519 public JWK:
{ "kty": "OKP", "crv": "Ed25519", "x": "<32-byte base64url>" }. - Verify the
xvalue decodes to 32 raw bytes (an Ed25519 public key). - If you would rather not manage keys, omit the JWKs and pass
generate_keypair: true.
Server-side cause
Section titled “Server-side cause”- Raised by:
packages/identity/src/service/register.ts-validateJwk. - Guard: the
kty/crv/x/length assertions, each throwingRegisterError('jwk_invalid', …); mapped toIDENTITY_ERR.jwk_invalid(422) inpackages/identity/src/router/register.ts.
Example response
Section titled “Example response”{ "type": "https://citizenry.id/errors/ERR-P01-IDT-2001", "title": "Unprocessable", "status": 422, "code": "ERR-P01-IDT-2001", "message": "x must decode to 32 bytes", "method": "POST", "instance": "/v1/agent/register", "request_url": "https://api.citizenry.id/v1/agent/register", "timestamp": "2026-05-17T07:00:00.000Z"}Related codes
Section titled “Related codes”ERR-P01-IDT-2006- encryption JWK invalid (the X25519 sibling).ERR-P01-IDT-2005- key binding invalid.
Changelog
Section titled “Changelog”- 0.1.0 - introduced.