italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

response_code in the Presentation Flow #355

Closed fmarino-ipzs closed 4 months ago

fmarino-ipzs commented 4 months ago

In the last step of the Presentation flow the RP provides the Wallet Instance with a redirect_uri parameter within the HTTP response. The non-normative example is the following one.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "redirect_uri": "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee"
}

The response_code MUST be given as a query parameter as follows.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "redirect_uri": "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee"
}
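
Added example, not part of the issue or of the specification: the two forms above differ in what reaches the RP's callback endpoint, because a user agent does not send the URI fragment in the HTTP request. The helper name `inspectRedirectUri` is hypothetical; the sample URIs are the two quoted in the issue.

```javascript
// Classify where response_code sits in a redirect_uri and report what the
// RP's callback endpoint can read from the incoming HTTP request.
const FRAGMENT_FORM =
  "https://relying-party.example.org/cb#response_code=091535f699ea575c7937fa5f0f454aee";
const QUERY_FORM =
  "https://relying-party.example.org/cb?response_code=091535f699ea575c7937fa5f0f454aee";

// Request target sent by a user agent: path + query only. The fragment is
// resolved client-side (RFC 3986, section 3.5) and never reaches the server.
function requestTarget(redirectUri) {
  const u = new URL(redirectUri);
  return u.pathname + u.search;
}

// Hypothetical helper: inspect a redirect_uri before it is returned to the
// Wallet Instance in the JSON response body.
function inspectRedirectUri(redirectUri) {
  const u = new URL(redirectUri);
  const inQuery = u.searchParams.getAll("response_code");
  const inFragment = new URLSearchParams(u.hash.slice(1)).getAll("response_code");

  let placement = "missing";
  if (inQuery.length && inFragment.length) placement = "both";
  else if (inQuery.length) placement = "query";
  else if (inFragment.length) placement = "fragment";

  // Exactly one query occurrence is the only unambiguous case server-side;
  // duplicates are rejected rather than silently picking one.
  const single = inQuery.length === 1;
  return {
    placement,
    requestTarget: requestTarget(redirectUri),
    serverVisible: single ? inQuery[0] : null,
    ok: placement === "query" && single,
  };
}

for (const uri of [FRAGMENT_FORM, QUERY_FORM]) {
  console.log(inspectRedirectUri(uri));
}
```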

peppelinux commented 4 months ago

How does this impact the possibility of providing the response_uris in verifiable and signed metadata without removing the RPs' power to randomize it?