Open reinkrul opened 6 days ago
Chosen solution is to take the `client_id` from the initial OAuth2 Authorization Code flow, but then as URL. This can then be used to "return to sender" OpenID4VP Authorization Requests. `client_id` is currently a DID, which has to be changed to issuer URL.
When an auth server receives an OAuth2 Authz Code Flow request, it switches to OpenID4VP to request a presentation from the client requesting the access token. For this, it needs the AS metadata of the client, to send the OpenID4VP Authz Request to.

The metadata URL is determined by taking the `client_id`, which currently always is a did:web DID, converting it to a URL and then fetching the metadata from the well-known endpoint. Since we're moving towards explicitly specifying Auth Server URLs, away from assuming convertibility from the DID to a URL, this should be changed. Options:
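For reference, the derivation described above (did:web `client_id` converted to a URL, then the well-known metadata path appended) next to the proposed form (`client_id` already an https URL), as an added Go example that is not the project's own code. It assumes the well-known path is RFC 8414's `/.well-known/oauth-authorization-server` appended to the base URL; the issue only says "the well-known endpoint", so the constant `metadataWellKnown`, the function names and the sample identifiers are all constructed for this illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// Assumption: the issue only says "the well-known endpoint". This example uses
// the OAuth2 AS metadata path from RFC 8414 and appends it to the base URL
// (as OpenID Connect Discovery does). Adjust if the project uses another path.
const metadataWellKnown = "/.well-known/oauth-authorization-server"

// DIDWebToURL converts a did:web DID into the HTTPS base URL of the host it
// names, following the did:web method rules: each ':' in the method-specific
// id becomes a path separator and a percent-encoded colon (%3A) separates
// host from port. Examples:
//   did:web:example.com            -> https://example.com
//   did:web:example.com%3A8443:as  -> https://example.com:8443/as
func DIDWebToURL(did string) (string, error) {
	const prefix = "did:web:"
	if !strings.HasPrefix(did, prefix) {
		return "", fmt.Errorf("not a did:web DID: %q", did)
	}
	parts := strings.Split(strings.TrimPrefix(did, prefix), ":")
	host, err := url.PathUnescape(parts[0])
	if err != nil {
		return "", fmt.Errorf("invalid host segment in %q: %w", did, err)
	}
	// Defensive check: the decoded host must be a bare host[:port]. Userinfo,
	// slashes or whitespace would let a DID steer the metadata fetch to a URL
	// the DID does not visibly name.
	if host == "" || strings.ContainsAny(host, "@/?#\\ ") {
		return "", fmt.Errorf("invalid host %q in %q", host, did)
	}
	u := url.URL{Scheme: "https", Host: host}
	segs := make([]string, 0, len(parts)-1)
	for _, p := range parts[1:] {
		seg, err := url.PathUnescape(p)
		if err != nil || seg == "" || seg == "." || seg == ".." || strings.ContainsAny(seg, "/?#") {
			return "", fmt.Errorf("invalid path segment %q in %q", p, did)
		}
		segs = append(segs, seg)
	}
	if len(segs) > 0 {
		u.Path = "/" + strings.Join(segs, "/")
	}
	return u.String(), nil
}

// ClientMetadataURL derives the URL from which the authorization server fetches
// the client's AS metadata. It accepts both forms discussed in the issue: the
// current did:web client_id (converted to a URL) and the proposed plain https
// URL client_id (used as-is). Anything else is rejected, so the server never
// fetches from an unexpected scheme or host.
func ClientMetadataURL(clientID string) (string, error) {
	var base string
	switch {
	case strings.HasPrefix(clientID, "did:web:"):
		b, err := DIDWebToURL(clientID)
		if err != nil {
			return "", err
		}
		base = b
	case strings.HasPrefix(clientID, "https://"):
		u, err := url.Parse(clientID)
		if err != nil {
			return "", fmt.Errorf("invalid client_id URL %q: %w", clientID, err)
		}
		if u.Host == "" || u.User != nil || u.RawQuery != "" || u.Fragment != "" {
			return "", fmt.Errorf("client_id URL %q must be https://host[/path] only", clientID)
		}
		base = strings.TrimRight(u.String(), "/")
	default:
		return "", errors.New("client_id must be a did:web DID or an https URL, got " + clientID)
	}
	return base + metadataWellKnown, nil
}

func main() {
	// Constructed sample client_ids: current form, proposed form, and one that
	// must be rejected because it cannot be turned into an AS URL.
	for _, id := range []string{
		"did:web:example.com:as",
		"https://example.com/as/",
		"did:key:EXAMPLE",
	} {
		u, err := ClientMetadataURL(id)
		fmt.Printf("%-28s -> %s %v\n", id, u, err)
	}
}
```

Both the did:web form and the URL form yield the same metadata URL for the same host and path, which is what makes the switch to a URL `client_id` a drop-in change for the fetch step; the rejection branches are where a defender wants the server to stop rather than follow an arbitrary identifier.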