Open jtalir opened 2 weeks ago
As specified in https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#name-credential-issuer-metadata, if credential issuer metadata doesn't contain "authorization_servers" (which is the case for https://issuer.eudiw.dev/.well-known/openid-credential-issuer) credential issuer acts as authorization server. This implies: "The actual OAuth 2.0 Authorization Server metadata is obtained from the oauth-authorization-server well-known location as defined in Section 3 of [RFC8414]."
The issue is that there are no authorization server metadata at https://issuer.eudiw.dev/.well-known/oauth-authorization-server
As specified in https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#name-credential-issuer-metadata, if credential issuer metadata doesn't contain "authorization_servers" (which is the case for https://issuer.eudiw.dev/.well-known/openid-credential-issuer) credential issuer acts as authorization server. This implies: "The actual OAuth 2.0 Authorization Server metadata is obtained from the oauth-authorization-server well-known location as defined in Section 3 of [RFC8414]."
The issue is that there are no authorization server metadata at https://issuer.eudiw.dev/.well-known/oauth-authorization-server