italia / eudi-wallet-it-docs

Italian EUDI Wallet Technical Specifications
Creative Commons Zero v1.0 Universal

[Issuance] Error handling at Issuance stage #417

Closed grausof closed 1 month ago

grausof commented 2 months ago

Currently the OID4VC specification deals exclusively with regulating errors that can occur on the credential endpoint due to a Bad Request (400) made by the client (section 7.3.1.2).

But obtaining the credential could also fail for other reasons not necessarily related to the request but perhaps because the user is not entitled to that credential or it has been revoked and is no longer available for issuance. These errors could fall within the status code 403 Forbidden or 404 Not Found. It is therefore necessary to inform the user of the reason why this credential was not issued.

An example of a response could therefore be something like:

HTTP/1.1 403 Forbidden
Content-Type: application/json
Cache-Control: no-store

{
  "error": "credential_revoked"
}

where the error parameter can take on a series of error identifiers specific to each individual credential. Since it is up to the issuer to specify which errors it supports for each credential, it could be useful to indicate them within the metadata, in particular in credential_configurations_supported by adding the parameter issuance_errors_supported within the single credential:

"credential_configurations_supported": {
    "MDL": {
          ...,
          "issuance_errors_supported": ...
     },
     ...
}

The structure of issuance_errors_supported could be like this:

{
  "issuance_errors_supported": {
    "credential_not_found": {
      "display": [
        {
          "title": "La tua patente non risulta negli archivi",
          "description": "....",
          "locale": "it-IT"
        },
        {
          "title": "Credential not found",
          "description": "...",
          "locale": "en-US"
        }
      ]
    },
    "credential_revoked": {
      "display": [
        {
          "title": "La tua patente risulta revocata",
          "description": "...",
          "locale": "it-IT"
        },
        {
          "title": "Your driving license is revoked",
          "description": "...",
          "locale": "en-US"
        }
      ]
    }
  }
}

peppelinux commented 1 month ago

Regarding the localization of each error description, we must rely on the HTTP Accept-Language request header.

https://openid.github.io/OpenID4VCI/openid-4-verifiable-credential-issuance-wg-draft.html#section-10.2.2-8

Regarding the extensions of the error keys/values, this needs further work within the DCP WG.

peppelinux commented 1 month ago

Generally, the errors credential_not_found and credential_revoked could be represented with credential_request_denied and specialized description errors.

However, obtaining a localized description value within the credential response JSON object would require the HTTP Accept-Language request header at the credential endpoint.
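
Added example, not part of the issue thread or the project's code: one way to select the per-locale display entries proposed above from an Accept-Language value, with error codes that the metadata does not declare falling back to a fixed message instead of rendering text from the response. `issuance_errors_supported` is the issue's proposal; the function names, the `GENERIC` fallback text and the sample metadata are assumptions constructed for illustration.

```python
# Constructed sample metadata following the structure proposed in this issue.
# "issuance_errors_supported" is the issue's proposal, not an OpenID4VCI parameter.
METADATA = {"credential_configurations_supported": {"MDL": {"issuance_errors_supported": {
    "credential_not_found": {"display": [
        {"title": "La tua patente non risulta negli archivi", "locale": "it-IT"},
        {"title": "Credential not found", "locale": "en-US"}]},
    "credential_revoked": {"display": [
        {"title": "La tua patente risulta revocata", "locale": "it-IT"},
        {"title": "Your driving license is revoked", "locale": "en-US"}]},
}}}}

# Hypothetical wallet-owned fallback, shown when the issuer's code is not declared.
GENERIC = {"title": "Credential could not be issued", "locale": "en-US"}


def parse_accept_language(header):
    """Return lowercase language tags ordered by q-value, highest first."""
    prefs = []
    for pos, part in enumerate(header.split(",")):
        tag, _, param = part.strip().partition(";")
        q = 1.0
        if param.strip().startswith("q="):
            try:
                q = float(param.strip()[2:])
            except ValueError:
                q = 0.0  # malformed weight: treat the tag as not acceptable
        if tag.strip() and tag.strip() != "*" and q > 0:
            prefs.append((-q, pos, tag.strip().lower()))
    return [tag for _, _, tag in sorted(prefs)]


def resolve_issuance_error(metadata, config_id, body, accept_language):
    """Pick the display entry for an error response body, or GENERIC."""
    code = body.get("error") if isinstance(body, dict) else None
    declared = (metadata.get("credential_configurations_supported", {})
                .get(config_id, {}).get("issuance_errors_supported", {}))
    entry = declared.get(code) if isinstance(code, str) else None
    displays = entry.get("display", []) if isinstance(entry, dict) else []
    if not displays:
        return GENERIC  # undeclared code: do not render text taken from the response
    for tag in parse_accept_language(accept_language):
        for exact in (True, False):  # full tag first, then primary language only
            for d in displays:
                loc = d.get("locale", "").lower()
                if loc == tag or (not exact and loc.split("-")[0] == tag.split("-")[0]):
                    return d
    return displays[0]
```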