Closed chris-wood closed 1 year ago
1) This is somewhat the same as #229. From the Origin Trial and discussions with potential issuers, tying in redemption/issuance flows to existing requests was much easier than having to have a new sequenced request to trigger the authentication flow. It might be possible to migrate to the request-based flow.
2) Will centralize on #256 to track this.
Redemption uses the "Sec-Private-State-Token" header to convey a base64-encoded token. This raises a couple of questions: