According to the OpenID4VCI specification the OpenID configuration should be queried only if the credential issuer metadata does not include the authorization_servers parameter.
authorization_servers: OPTIONAL. Array of strings, where each string is an identifier of the OAuth 2.0 Authorization Server (as defined in [RFC8414]) the Credential Issuer relies on for authorization. If this parameter is omitted, the entity providing the Credential Issuer is also acting as the Authorization Server, i.e., the Credential Issuer's identifier is used to obtain the Authorization Server metadata. The actual OAuth 2.0 Authorization Server metadata is obtained from the oauth-authorization-server well-known location as defined in Section 3 of [RFC8414].
Furthermore the logic in the code ignores the defined authorization_servers completely if it is able to obtain the OpenID configuration from the issuer.
According to the OpenID4VCI specification the OpenID configuration should be queried only if the credential issuer metadata does not include the
authorization_servers
parameter.11.2.3. Credential Issuer Metadata Parameters
Furthermore the logic in the code ignores the defined
authorization_servers
completely if it is able to obtain the OpenID configuration from the issuer.See https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift/blob/ac62cca1b0245ba472cc027bc98b4224033236c8/Sources/Main/Resolvers/CredentialOffer/AuthorizationServerMetadataResolver.swift#L54-L72 and https://github.com/eu-digital-identity-wallet/eudi-lib-ios-openid4vci-swift/blob/ac62cca1b0245ba472cc027bc98b4224033236c8/Sources/Main/Resolvers/CredentialOffer/AuthorizationServerMetadataResolver.swift#L84-L93