Closed ydanneg closed 2 months ago
Ηι @ydanneg
Literally reading the reference you provided, the location must be provided when there is a authorization_servers
array.
On the other hand:
authorization_servers
array with a single value? In this case, authorization request (simple or PAR) will be send to this server anyway.authorization_code
or/and urn:ietf:params:oauth:grant-type:pre-authorized_code
grants (see here)Bottom line, I think that location
should be provided in case there are more than one authorizations_servers
and in addition the credential offer doesn't explicitly define an authorization_server
.
Nevertheless, I will check this again.
Perhaps, an easy way to implement this - leaving aside spec questioning - would be to add to AuthorizationServerClient
a private member private val includeLocation: Boolean
.
Depending on this, the location attribute could be set or not.
The value of includeLocation
could be calculated by the factory method that instantiates AuthorizationServerClient
found on the companion object of Issuer
My analysis was wrong. Please check PR #201 for the solution provided
Hi.
Specification says we should add (conditionally)
Location
toAuthorizationDetails
which is missing now. https://github.com/eu-digital-identity-wallet/eudi-lib-jvm-openid4vci-kt/blob/main/src/main/kotlin/eu/europa/ec/eudi/openid4vci/internal/AuthorizationServerClient.kt#L365ref: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#section-5.1.1