Rework W3C DC API examples (#254)

4 approvals, open for more than a week, discussed in a WG

diagrams/request_uri_mode_post_through_browser_api.md

@@ -14,11 +14,7 @@ participant "App Platform" as ap
 participant "Wallet" as w
 
 u --> r : use
-activate r
-
-r -> wp: navigator.identity.get(\nprotocol="openid4vp",\nrequest="client_id, \nrequest_uri, request_uri_method=post, \npresentation_definition")
 
-deactivate r
 activate wp
 
 wp -> ap: forward request (\norigin="example.verifier.com",\nprotocol="openid4vp",\nrequest="client_id, \nrequest_uri, request_uri_method=post,\n presentation_definition")

diagrams/request_uri_mode_post_through_browser_api.plantuml

@@ -14,11 +14,7 @@ participant "App Platform" as ap
 participant "Wallet" as w
 
 u --> r : use
-activate r
-
-r -> wp: navigator.identity.get(\nprotocol="openid4vp",\nrequest="client_id, \nrequest_uri, request_uri_method=post, \npresentation_definition")
 
-deactivate r
 activate wp
 
 wp -> ap: forward request (\norigin="example.verifier.com",\nprotocol="openid4vp",\nrequest="client_id, \nrequest_uri, request_uri_method=post,\n presentation_definition")

diagrams/signed_request_uri_through_browser_api.plantuml

@@ -19,7 +19,6 @@ activate r
 note over r,wp
     Note that the signed request object contains the Verifier's origin.
 end note
-r -> wp: navigator.identity.get(\nprotocol="openid4vp",\nrequest="client_id, request")
 
 deactivate r
 activate wp

openid-4-verifiable-presentations-1_0.md

@@ -1973,36 +1973,25 @@ And lastly, as part of the request, the Wallet is provided with information abou
 
 ## Protocol
 
-The value of the `protocol` parameter of the W3C Digital Credentials API MUST be set to `openid4vp` for this profile.
+For the profile defined in this section, the value of the exchange protocol used with the W3C Digital Credentials API [@!w3c.digital_credentials_api], is `openid4vp`.
 
 ## Request {#browser_api_request}
 
-The `request` member of the W3C Digital Credentials API [@!w3c.digital_credentials_api] contains an OpenID4VP Authorization Request, where every OpenID4VP Authorization Request parameter is represented as a top-level JavaScript object member.
+The Verifier MAY send all the OpenID4VP request parameters to the W3C Digital Credentials API as defined in [@!w3c.digital_credentials_api].
 
-The following is a non-normative example of how the W3C Digital Credentials API can be used with an unsigned OpenID4VP request when advanced security features of OpenID4VP are not used:
+The following is a non-normative example of an unsigned OpenID4VP request (when advanced security features of OpenID4VP are not used) that can be sent over the W3C Digital Credentials API :
 
 ```js
-try {
-  const credential = await navigator.identity.get({
-    digital: {
-      providers: [{
-        protocol: "openid4vp",
-        request:  {
-          response_type: "vp_token",
-          response_mode: "w3c_dc_api",
-          nonce: "n-0S6_WzA2Mj",
-          client_metadata: {...},
-          presentation_definition: {...}
-        }
-      }]
-    }
-  });
-} catch (err) {
-  // Handle errors and/or fallback to other invocation mechanisms
+{
+  response_type: "vp_token",
+  response_mode: "w3c_dc_api",
+  nonce: "n-0S6_WzA2Mj",
+  client_metadata: {...},
+  presentation_definition: {...}
 }
 ```
 
-Out of the Authorization Request parameters defined in [@!RFC6749] and (#vp_token_request), the following are supported with this profile: 
+Out of the Authorization Request parameters defined in [@!RFC6749] and (#vp_token_request), the following are supported with this profile:
 
 * `client_id`
 * `response_type`
@@ -2038,19 +2027,10 @@ The Verifier MAY send a signed request, for example, when identification and aut
 
 The signed Request Object MAY contain all the parameters listed in (#browser_api_request), except `request`.
 
-Below is a non-normative example of such a request:
+Below is a non-normative example of such a request sent over the W3C Digital Credentials API:
 
 ```js
-const credential = await navigator.identity.get({
-  digital: {
-    providers: [{
-      protocol: "openid4vp",
-      request: {
-        request: "eyJhbGciOiJF..."
-     }
-    }]
-  }
-});
+{ request: "eyJhbGciOiJF..." }
 ```
 
 This is an example of the payload of a signed OpenID4VP request used with the W3C Digital Credentials API:
@@ -2063,29 +2043,6 @@ The signed request allows the Wallet to authenticate the Verifier using a trust
 
 Every OpenID4VP Authorization Request results in a response being provided through the W3C Digital Credentials API. The response is an instance of the `DigitalCredential` interface, as defined in [@!w3c.digital_credentials_api], and the OpenID4VP Authorization Response parameters as defined for the Response Type are represented as an object within the `data` attribute.
 
-The following is a non-normative example of processing an unsigned OpenID4VP response that could be received from the W3C Digital Credentials API:
-
-```js
-const credential = await navigator.identity.get(request);
-if (credential.protocol == "openid4vp") {
-  // Extract relevant data members
-  const { vp_token, presentation_submission } =  credential.data;
-  // presentation_submission is a javascript object
-  // vp_token is a string or javascript object depending on the credential type
-}
-```
-
-The following is a non-normative example of processing an encrypted OpenID4VP response that could be received from the W3C Digital Credentials API:
-
-```js
-const credential = await navigator.identity.get(request);
-if (credential.protocol == "openid4vp") {
-  // Extract encrypted response
-  const { response } =  credential.data;
-  // response is a string containing a JWE, now decrypt it
-}
-```
-
 # Credential Format Profiles {#alternative_credential_formats}
 
 OpenID for Verifiable Presentations is Credential Format agnostic, i.e., it is designed to allow applications to request and receive Verifiable Presentations and Verifiable Credentials in any Credential Format. This section defines Credential Format Profiles for some of the known Credential Formats. Other specifications or deployments can define their own Credential Format Profiles.