Concordium / notabene

Collection of tasks and bugs relating to identity provider Notabene.

Deterministic URI to poll for identity object #11

Open orhoj opened 3 years ago

orhoj commented 3 years ago

Task description

The current design of the protocol used by the wallets and the identity provider to create identities has a flaw that can result in wallets "losing" an identity, even though the identity was created at the identity provider.

Consider the following example:

  1. The user creates an identity through the identity provider.
  2. The wallet receives the URI to poll the identity at by extracting the code_uri from the 302 Found returned by the identity provider after a successful identity creation.
  3. Before the wallet is able to store the code_uri it crashes, or fails due to some other issue.
  4. The wallet is restarted but has no recollection of the identity that was created. This will usually result in the user creating yet another identity, even though they already have one available at the identity provider, but at an unknown location.

The problem, with the current setup, is that the wallet can only get the path to poll an identity at during the identity creation flow itself. To patch the issue it must be possible for a wallet to deterministically determine where it will have to fetch an identity when created, instead of letting the identity provider dictate the location after creation of the identity.

Solution proposal

To solve the problem the protocol has to be changed so that a created identity can be polled at a pre-determined location. An example of a possible location would be:

https://[hostname]:[port]/identity/IdCredPub

The exact chosen path is not critical (as long as it is consistent across all identity providers), but using the IdCredPub as the identifier for the lookup means that a wallet has access to this information before sending any requests to the identity provider, and therefore can store it to use it for later polling if an error occurs resulting in an unknown state. A wallet will poll the endpoint, and confirm the identity if it was actually complete, or it will receive an error from the identity provider if the identity was not created. In both scenarios the wallet can update its state so that it becomes consistent with the identity provider's.

Backwards compatibility

In order to stay backwards compatible an identity provider will have to keep returning a URI for the location, but it should point to the updated URI based on the IdCredPub.
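The wallet-side recovery flow the proposal describes, as an added example that is not Concordium or Notabene code. It assumes the poll path `/identity/<IdCredPub as hex>`, a provider that answers 200 with the identity object or 404 when nothing exists for that IdCredPub, and a hypothetical host `idp.example:8443`; the `FakeIdentityProvider` stands in for the real one and the `disk` dict stands in for the wallet's persistent storage. The point it demonstrates is that the wallet records the deterministic URI before sending the creation request, so that after a crash it can reconcile both the "identity was created" and the "request never arrived" cases:

```python
"""Wallet recovery using a deterministic poll URI derived from IdCredPub.

Added example, not project code.  Assumptions: poll path is
/identity/<IdCredPub hex>; the provider returns 200 with the identity
object when it exists and 404 otherwise; IdCredPub values are constructed
placeholder bytes.
"""
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


def poll_uri(base_url: str, id_cred_pub: bytes) -> str:
    """Location the wallet can compute before sending any request."""
    return f"{base_url.rstrip('/')}/identity/{id_cred_pub.hex()}"


class FakeIdentityProvider:
    """Stand-in identity provider keyed by IdCredPub (assumption)."""

    def __init__(self, base_url: str) -> None:
        self.base_url = base_url.rstrip("/")
        self._identities: Dict[str, dict] = {}

    def create_identity(self, id_cred_pub: bytes) -> Tuple[int, Dict[str, str]]:
        """Simulated creation flow; the 302 Location is the deterministic URI
        (backwards compatible: a wallet may still read it as code_uri)."""
        key = id_cred_pub.hex()
        self._identities[key] = {"idCredPub": key, "status": "done"}
        return 302, {"Location": poll_uri(self.base_url, id_cred_pub)}

    def get(self, uri: str) -> Tuple[int, Optional[dict]]:
        prefix = f"{self.base_url}/identity/"
        if not uri.startswith(prefix):
            return 404, None
        obj = self._identities.get(uri[len(prefix):])
        return (200, obj) if obj is not None else (404, None)


@dataclass
class Wallet:
    provider: FakeIdentityProvider
    store: dict  # persistent storage shared across "restarts" (constructed)

    def __post_init__(self) -> None:
        self.store.setdefault("pending", {})
        self.store.setdefault("identities", {})

    def begin_creation(self, id_cred_pub: bytes) -> str:
        """Persist the deterministic URI BEFORE talking to the provider."""
        uri = poll_uri(self.provider.base_url, id_cred_pub)
        self.store["pending"][id_cred_pub.hex()] = uri
        return uri

    def create_identity(self, id_cred_pub: bytes, crash_before_store: bool = False) -> None:
        uri = self.begin_creation(id_cred_pub)
        _status, headers = self.provider.create_identity(id_cred_pub)
        if crash_before_store:
            # Models step 3 of the issue: identity exists, wallet never stored code_uri.
            raise RuntimeError("wallet crashed before storing code_uri")
        assert headers["Location"] == uri  # code_uri must match the precomputed URI
        self._complete(id_cred_pub.hex(), uri)

    def _complete(self, key: str, uri: str) -> None:
        self.store["identities"][key] = uri
        self.store["pending"].pop(key, None)

    def reconcile(self) -> Dict[str, str]:
        """On restart, poll every pending IdCredPub at its deterministic URI."""
        outcome: Dict[str, str] = {}
        for key, uri in list(self.store["pending"].items()):
            status, _obj = self.provider.get(uri)
            if status == 200:
                self._complete(key, uri)  # identity was created; adopt it
                outcome[key] = "recovered"
            elif status == 404:
                self.store["pending"].pop(key)  # never created; safe to retry
                outcome[key] = "not_created"
            else:
                outcome[key] = "still_pending"
        return outcome


def demo() -> Dict[str, str]:
    """Crash after creation (cred_a) and crash before sending (cred_b)."""
    idp = FakeIdentityProvider("https://idp.example:8443")  # hypothetical host
    disk: dict = {}
    cred_a = bytes.fromhex("aa" * 4)  # constructed placeholder IdCredPub
    cred_b = bytes.fromhex("bb" * 4)
    w1 = Wallet(idp, disk)
    try:
        w1.create_identity(cred_a, crash_before_store=True)
    except RuntimeError:
        pass
    w1.begin_creation(cred_b)  # request never reaches the provider
    w2 = Wallet(idp, disk)     # restart with the same persistent store
    return w2.reconcile()


if __name__ == "__main__":
    print(demo())
```

Run it and `demo()` reports `aaaaaaaa` as recovered and `bbbbbbbb` as not created, which is exactly the state reconciliation the proposal asks for; with today's protocol the wallet has nothing to poll for `cred_a` and would create a duplicate identity.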