search

digitalbazaar / bedrock-vc-delivery

A Bedrock module for delivering issued VCs
Other
0 stars 0 forks source link

Include `credentials_supported` in OID4VCI metadata #22

Closed dlongley closed 3 weeks ago

dlongley commented 1 year ago

Including the credentials_supported field will allow the openid-credential-offer URLs generated to be shorter by using string IDs to refer to the credentials being offered. The string IDs can be referenced in the metadata to find the format and credential_definition.

This behavior will expose credential information to anyone who knows the exchange URL. Since exchange URLs are capability URLs and are intended to be either short-lived or publicly accessible, this is considered a non-issue.

dlongley commented 3 weeks ago

This has since changed in the OID4VCI spec to credential_configurations_supported.

https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0-ID1.html#name-credential-issuer-metadata-p

The details since ID-1 have now also changed and may continue to here:

https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#name-credential-issuer-metadata-p

dlongley commented 3 weeks ago

Done in v5.1.