italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

[Relying Party Solution] [Remote Flow] Unclear definition of authorize request #383

Closed Zicchio closed 1 month ago

Zicchio commented 2 months ago

In the non-normative example of RP authorization request, to the best of my knowledge there are up to 3 issues. https://github.com/italia/eudi-wallet-it-docs/blob/6d06ccfd551d005a2211c4489936fc2faa0c7fa8/docs/en/remote-flow.rst?plain=1#L163

(1) the scheme invocation is https://, but according to HAIP haip:// should be preferred when the Wallet Instance is a mobile app.

(2) It is not clear what the host of the request should be. In the example, it is wallet-solution.digital-strategy.europa.eu. I'll refrain from making a suggestion as this is beyond my area of expertise.

(3) the authorization endpoint of the example request is /authorization but the default authorization endpoint in OAuth is /authorize. Unless there is a particular reason to change the authorization endpoint, I would stick the example with the default.

peppelinux commented 1 month ago
  1. unfortunately HAIP will not be ready for the end of the year and for the eudi-wallet-it-docs we will go for openid4vp://. This will be further consolidated with the team and this message represents the first official evidence about this change proposal

  2. it was a universal link previously registered within the user env

  3. endpoints are configured using metadata, it is relative to the deploy