Currently, library doesn't support client_id_scheme equal to did, which is one of the scheme described in OpenId4VP.
did: This value indicates that the Client Identifier is a DID defined in [DID-Core]. The request MUST be signed with a private key associated with the DID. A public key to verify the signature MUST be obtained from the verificationMethod property of a DID Document. Since DID Document may include multiple public keys, a particular public key used to sign the request in question MUST be identified by the kid in the JOSE Header. To obtain the DID Document, the Wallet MUST use DID Resolution defined by the DID method used by the Verifier.
In case of client_id_scheme equal to did the following rules must be implemented:
client_id must be DID
Authorization request must be signed => JWT Secured Authorization Request (JAR)
In the header of the JAR JWT must include a kid attribute with a DID URL pointing to a specific pub key inside the DID Document.
From the wallet (library side) DID resolution can be left out of scope, which means that it could be caller's responsibility to provide a resolver with the DID methods that trusts and supports.
Currently, library doesn't support
client_id_schemeequal todid, which is one of the scheme described in OpenId4VP.In case of
client_id_schemeequal todidthe following rules must be implemented:client_idmust be DIDkidattribute with a DID URL pointing to a specific pub key inside the DID Document.From the wallet (library side) DID resolution can be left out of scope, which means that it could be caller's responsibility to provide a resolver with the DID methods that trusts and supports.