PAR tests expect only invalid_request_uri error
- fapi-rw-id2-par-attempt-to-use-request_uri-for-different-client: https://review-app-dev-branch-8.certification.openid.net/log-detail.html?log=19fDU7E1evam6h0
- fapi-rw-id2-par-attempt-invalid-redirect_uri: https://review-app-dev-branch-8.certification.openid.net/log-detail.html?log=YPpSFuPQ2GO26UT
- fapi-rw-id2-par-attempt-to-use-request_uri-for-different-client: https://review-app-dev-branch-8.certification.openid.net/log-detail.html?log=19fDU7E1evam6h0
It is fair to say issues with the actual content of a request_uri may be invalid_request_object errors. This test should allow for that error code in addition to invalid_request_uri.
Reason for that being that "fetching" a request_uri is just one step in an authorization server pipeline, its evaluation is another. When request_uri cannot be fetched or its content is not parseable as a JWT - it's invalid_request_uri, but if it is a JWT its processing is then passed to another middleware that is shared for both request and request_uri parameters.
Edited by Filip Skokan