Access token not verified in the credential endpoint implementation

Sphereon-Opensource / OID4VC

OpenID for Verifiable Credentials - modules for issuers, holders and RPs

Apache License 2.0

62 stars 19 forks source link

Access token not verified in the credential endpoint implementation #95

Open TimoGlastra opened 6 months ago

TimoGlastra commented 6 months ago

When looking at the credential endpoint implementation in the issuer-rest package, I couldn't find any code related to the validation of the access token generated in the access token endpoint.

This endpoint should verify the bearer authorization token passed in the header.

I might be missing where this is happening, so in that case, please point me to the file where this is handled (I'm looking for some util functions I may be able to re-use for the Credo endpoint implementation)

nklomp commented 6 months ago

Yeah, totally forgot about it, it seems 🤦