Including the credentials_supported field will allow the openid-credential-offer URLs generated to be shorter by using string IDs to refer to the credentials being offered. The string IDs can be referenced in the metadata to find the format and credential_definition.
This behavior will expose credential information to anyone who knows the exchange URL. Since exchange URLs are capability URLs and are intended to be either short-lived or publicly accessible, this is considered a non-issue.
Including the
credentials_supported
field will allow theopenid-credential-offer
URLs generated to be shorter by using string IDs to refer to the credentials being offered. The string IDs can be referenced in the metadata to find theformat
andcredential_definition
.This behavior will expose credential information to anyone who knows the exchange URL. Since exchange URLs are capability URLs and are intended to be either short-lived or publicly accessible, this is considered a non-issue.