bifurcation
commented
1 year ago Yeah, I think this is a gap in the VCI core spec, in that it is not well-defined how you get a nonce. Basically, I wrote here what I think the VCI spec should do, namely have the credential endpoint accept two types of request, a priming request (no proof, gives you a nonce) and a credential request (with proof, using a nonce).
I'll file an issue on the VCI spec. Or maybe a PR if I'm feeling energetic!
What is a "Priming Request"? I would strongly advice against adding a new endpoint to a profile of an existing specification. If it is needed, let's discuss in VCI core spec.
Besides I think what is meant by a primer request is defined in the specification already: https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#section-8.3.2