If the proof does not match then the login request should be rejected with an `m.login.failure` and reason `device_proof_invalid`.
If the proof does not match then the login request should be rejected with an `m.login.failure` and reason `device_proof_failed`.
To asset the device does not already exist it calls [GET /_matrix/client/v3/devices/<device_id>](https://spec.matrix.org/v1.9/client-server-api/#get_matrixclientv3devicesdeviceid)
and expects to receive an HTTP 404 response.
@ -1034,6 +1036,18 @@ sequenceDiagram
rect rgba(0,255,0, 0.1)
note over E: Existing device validates the proof of device key ownership
note over N: 4) New device polls the OIDC Provider awaiting the outcome as per RFC8628 OIDC
@ -1291,7 +1305,7 @@ Fields:
|Field|Type||
|--- |--- |--- |
|`type`|required `string`|`m.login.failure`|
|`reason`|required `string`| One of: <table><tr><td><strong>Value</strong></td><td><strong>Description</strong></td></tr><tr><td><code>authorization_expired</code></td><td>The Device Authorization Grant expired</td></tr><tr><td><code>device_already_exists</code></td><td>The device ID specified by the new client already exists in the Homeserver provided device list</td></tr><tr><td><code>device_not_found</code></td><td>The new device is not present in the device list as returned by the Homeserver</td></tr><tr><td><code>unexpected_message_received</code></td><td>Sent by either device to indicate that they received a message of a type that they weren't expecting</td></tr><tr><td><code>unsupported_protocol</code></td><td>Sent by a device where no suitable protocol is available or the requested protocol requested is not supported</td></tr><tr><td><code>user_cancelled</code></td><td>Sent by either new or existing device to indicate that the user has cancelled the login</td></tr></table>|
|`reason`|required `string`| One of: <table><tr><td><strong>Value</strong></td><td><strong>Description</strong></td></tr><tr><td><code>authorization_expired</code></td><td>The Device Authorization Grant expired</td></tr><tr><td><code>device_already_exists</code></td><td>The device ID specified by the new client already exists in the Homeserver provided device list</td></tr><tr><td><code>device_proof_failed</code></td><td>The proof of device key ownership failed</td></tr><tr><tr><td><code>device_not_found</code></td><td>The new device is not present in the device list as returned by the Homeserver</td></tr><tr><td><code>unexpected_message_received</code></td><td>Sent by either device to indicate that they received a message of a type that they weren't expecting</td></tr><tr><td><code>unsupported_protocol</code></td><td>Sent by a device where no suitable protocol is available or the requested protocol requested is not supported</td></tr><tr><td><code>user_cancelled</code></td><td>Sent by either new or existing device to indicate that the user has cancelled the login</td></tr></table>|
|`homeserver`|`string`| When the existing device is sending this it can include the Base URL of the homeserver so that the new device can at least save the user the hassle of typing it in|