Closed reinkrul closed 1 year ago
As long as the other side is a Nuts node, we can most probably skip retrying at all and return an error if the credential could not be retrieved, as long as the issuing node retries offering the credential. Reasoning:
We should probably have the wallet respond with a more specific response than specified: the OpenID4VCI spec states issuer expects no response (we implemented it as 202 - Accepted
with OK
); because if the wallet is misconfigured (e.g. leading to a static HTML page) the issuer currently assumes the offer was delivered successfully, while it wasn't. Then the VC issuance doesn't fallback to issuance over the Nuts network, and the VC will never be received by the holder.
Since the pre-authorized flow will probably be replaced by the auth code flow (and probably not be used by any other issuer/wallet other than the Nuts node), the trade-off introducing an out-of-spec response for the credential offer and checking it on the issuer side, it probably worth it.
So for now:
{"status": "credential_retrieved"}
. The issuer will check this status; if it receives anything else (e.g. an error) it will fallback to issuance over the networkOK for now, we'll need a follow up issue for more complicated flows.
Follow up issue: https://github.com/nuts-foundation/nuts-node/issues/2039
Accept credential offers and store them in a persistent store so they can be retried.
Probably needs fields like: