-
Further clarification are needed on the use of PAR Request.
-
The request object JWT header must include a `typ` header as specificied here
https://github.com/italia/eudi-wallet-it-docs/blob/fdd9cf44e69bd6eeb4cfb11684dd6f5e0e7c6a57/docs/en/remote-flow.rst?plain…
-
During the OAuth Security Workshop, Fabian's formal analysis highlighted that it is very hard to ensure the pre-auth code gets into the intended wallet. even when the PIN is used, if the QRcode with p…
-
Privacy has not started to be taken into account in the ARF 1.4. The minimum would be to include the two following properties as mandatory objectives of the architecture:
1. Full unlinkability
2. Ev…
-
https://github.com/openid/OpenID4VCI/pull/381
-
I cannot configure the Verifier.
What I do is use a ngrok domain pointing to ‘http:localhost:8080’.
In the proxy.conf.json file of ‘eudi-web-verifier’, I set my ngrok domain in the appropriate vari…
-
Secondo le specifiche attuali, nel flusso di autenticazione il Relying Party espone un Request URI endpoint `/request_uri?id=xxx` che il wallet chiama per acquisire un Request Object. Questo Request O…
-
When verifying SD-JWTs that have been signed with a DID's key, Nimbus' `JWSVerificationKeySelector` - and therefore the SD-JWT verifier - needs the JWK found in the DID document to have a `kid` that c…
-
As others have already pointed out in issues in this repo, both ISO mDL and the SD-JWT (VC) family of specifications define credential formats that are "locked in" to certain securing and selective di…
-
**Reference:** https://datatracker.ietf.org/doc/html/rfc9449
In `TokenEndpointClient.kt`, `fun requestAccessToken(..)`:
```
httpClient.submitForm(tokenEndpoint.toString(), formPar…