As per discussion on the issue, client secret based authentication methods aren't the best choice for an example in the VCI spec as it seems highly unlikely wallets will use client secrets to authenticate to issuers.
Switch to using a private_key_jwt in the example instead, copied from the example in the RFC:
As per discussion on the issue, client secret based authentication methods aren't the best choice for an example in the VCI spec as it seems highly unlikely wallets will use client secrets to authenticate to issuers.
Switch to using a private_key_jwt in the example instead, copied from the example in the RFC:
https://datatracker.ietf.org/doc/html/rfc7523#section-2.2
This was the only instance of client secret basic in the whole spec.
closes #130