You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If the Response Type value is code (Authorization Code Grant Type), the VP Token is provided in the Token Response.
(and has a similar entry in the table)
Does anyone actually do this? If not we should probably remove it from the spec, it feels like it might be an unnecessary complication. I'm not sure it's actually fully defined either, e.g. there's no mechanism defined for a client using the x509_san_dns client_id_scheme to actually authenticate at the token endpoint.
(If people are actually using it then the conformance tests might need to support it, they don't currently.)
The text was updated successfully, but these errors were encountered:
I don't think we need support for this in the conformance tests, yet. but it also feels premature to remove this. we don't know if wallets will only be native apps and more wallets seem to be using servers for one purpose or the other.
Fix it so it's clear how you would implement it for the various client id schemes, e.g. how you use x509_san_dns at the token endpoint
Document that it doesn't work for some client id schemes.
If no one is actually using it (which seems likely given people haven't ask questions about how you'd do it with the client id schemes) I believe it would be better to remove it, so we can add it back later when we do have people that use it.
https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID2.html#name-response says:
(and has a similar entry in the table)
Does anyone actually do this? If not we should probably remove it from the spec, it feels like it might be an unnecessary complication. I'm not sure it's actually fully defined either, e.g. there's no mechanism defined for a client using the x509_san_dns client_id_scheme to actually authenticate at the token endpoint.
(If people are actually using it then the conformance tests might need to support it, they don't currently.)
The text was updated successfully, but these errors were encountered: