Open astrom-b opened 3 months ago
Hey, sorry for taking so long to get to this. This pull request should fix it. However, I think it is best not to merge until after pilots are completed (just so we are certain nothing breaks).
Next time we can formally release it similar to how we did for RFCs. This way, implementors can always adopt a compatible release. Also we needn't wait for correction merges.
No problem. I haven't had the time to look at the change yet myself.
@endimion The proposed fix in the "issue#12" branch doesn't completely fix the problem because the `request` parameter is still present. I get the following:
Observe that the `request` param has the value `[object Object]`.
Another thing to note here is that the `response_uri` for `direct_post` is mistakenly set in the `redirect_uri` parameter. Should I report this separately?
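The defects reported in this thread can be caught by a check on the generated authorization request URL. The following is an added example, not code from the repository: `lintAuthorizationRequest`, the finding names, the sample URLs and the sample JWT are all constructed for illustration, and the signed-request rule is taken from the issue description.

```javascript
// Added example (not project code). All URLs and the JWT below are constructed.
const COMPACT_JWT = /^[\w-]+\.[\w-]+\.[\w-]*$/;

// Return the JOSE header of a compact JWT, or null if it does not parse.
function joseHeader(value) {
  if (!COMPACT_JWT.test(value)) return null;
  try {
    return JSON.parse(Buffer.from(value.split(".")[0], "base64").toString("utf8"));
  } catch {
    return null;
  }
}

function lintAuthorizationRequest(requestUrl) {
  const params = new URL(requestUrl).searchParams;
  const findings = [];
  if (params.has("request")) {
    const header = joseHeader(params.get("request"));
    if (header === null) {
      // An object coerced to a string becomes "[object Object]", not a JWT.
      findings.push("request-not-a-jwt");
    } else if (header.alg !== "none" && params.get("client_id_scheme") === "redirect_uri") {
      // Raised in the issue: signed request object with this client id scheme.
      findings.push("signed-request-with-redirect_uri-scheme");
    }
  }
  if (params.get("response_mode") === "direct_post") {
    // direct_post sends the response to response_uri, not redirect_uri.
    if (!params.has("response_uri")) findings.push("missing-response_uri");
    if (params.has("redirect_uri")) findings.push("redirect_uri-with-direct_post");
  }
  return findings;
}

// Constructed sample requests for a hypothetical verifier.
function sampleUrl(extra) {
  const url = new URL("https://wallet.example/authorize");
  const base = { client_id_scheme: "redirect_uri", response_mode: "direct_post" };
  for (const [k, v] of Object.entries({ ...base, ...extra })) url.searchParams.set(k, v);
  return url.toString();
}
const b64u = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64")
  .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
const SIGNED = `${b64u({ alg: "ES256" })}.${b64u({})}.c2ln`;

const REPORTED = sampleUrl({ request: String({}), redirect_uri: "https://verifier.example/post" });
const SIGNED_CASE = sampleUrl({ request: SIGNED, response_uri: "https://verifier.example/post" });
console.log(lintAuthorizationRequest(REPORTED));
console.log(lintAuthorizationRequest(SIGNED_CASE));
```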
Hi,
In `utils/cryptoUtils.js` the function `buildVpRequestJwt` sets up a signed JWT request object with a client id scheme of "redirect_uri". This is not allowed according to the standard. From OpenID4VP draft 20: