diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e8c7314..7f14997 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -18,7 +18,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        go: ['1.23', '1.24']
+        go: ['1.24', '1.25']
     name: Go ${{ matrix.go }} test
     steps:
       - uses: actions/checkout@v5
diff --git a/README.md b/README.md
index 58fd765..64b1f12 100644
--- a/README.md
+++ b/README.md
@@ -169,9 +169,9 @@ Versions that also build are marked with :warning:.
 
 | Version | Supported          |
 | ------- | ------------------ |
-| <1.23   | :x:                |
-| 1.23    | :white_check_mark: |
+| <1.24   | :x:                |
 | 1.24    | :white_check_mark: |
+| 1.25    | :white_check_mark: |
 
 ## Why another library
 
diff --git a/go.mod b/go.mod
index 7df15b0..37f8254 100644
--- a/go.mod
+++ b/go.mod
@@ -1,8 +1,6 @@
 module github.com/zitadel/oidc/v3
 
-go 1.23.7
-
-toolchain go1.24.1
+go 1.24
 
 require (
 	github.com/bmatcuk/doublestar/v4 v4.9.1
diff --git a/pkg/op/auth_request.go b/pkg/op/auth_request.go
index 7bb320c..441e6a7 100644
--- a/pkg/op/auth_request.go
+++ b/pkg/op/auth_request.go
@@ -173,7 +173,7 @@ func ParseRequestObject(ctx context.Context, authReq *oidc.AuthRequest, storage
 	}
 	keySet := &jwtProfileKeySet{storage: storage, clientID: requestObject.Issuer}
 	if err = oidc.CheckSignature(ctx, authReq.RequestParam, payload, requestObject, nil, keySet); err != nil {
-		return oidc.ErrInvalidRequest().WithParent(err).WithDescription(err.Error())
+		return oidc.ErrInvalidRequest().WithParent(err).WithDescription("invalid request signature")
 	}
 	CopyRequestObjectToAuthRequest(authReq, requestObject)
 	return nil
diff --git a/pkg/op/server_legacy.go b/pkg/op/server_legacy.go
index 126fde1..f43a263 100644
--- a/pkg/op/server_legacy.go
+++ b/pkg/op/server_legacy.go
@@ -119,8 +119,10 @@ func (s *LegacyServer) Keys(ctx context.Context, r *Request[struct{}]) (*Respons
 	return NewResponse(jsonWebKeySet(keys)), nil
 }
 
+const authReqMissingClientID = "auth request is missing client_id"
+
 var (
-	ErrAuthReqMissingClientID    = errors.New("auth request is missing client_id")
+	ErrAuthReqMissingClientID    = errors.New(authReqMissingClientID)
 	ErrAuthReqMissingRedirectURI = errors.New("auth request is missing redirect_uri")
 )
 
@@ -138,7 +140,7 @@ func (s *LegacyServer) VerifyAuthRequest(ctx context.Context, r *Request[oidc.Au
 		}
 	}
 	if r.Data.ClientID == "" {
-		return nil, oidc.ErrInvalidRequest().WithParent(ErrAuthReqMissingClientID).WithDescription(ErrAuthReqMissingClientID.Error())
+		return nil, oidc.ErrInvalidRequest().WithParent(ErrAuthReqMissingClientID).WithDescription(authReqMissingClientID)
 	}
 	client, err := s.provider.Storage().GetClientByClientID(ctx, r.Data.ClientID)
 	if err != nil {