openid / OpenID4VCI

68 stars 20 forks source link

Change token endpoint example to use private_key_jwt #281

Closed jogu closed 8 months ago

jogu commented 8 months ago

As per discussion on the issue, client secret based authentication methods aren't the best choice for an example in the VCI spec as it seems highly unlikely wallets will use client secrets to authenticate to issuers.

Switch to using a private_key_jwt in the example instead, copied from the example in the RFC:

https://datatracker.ietf.org/doc/html/rfc7523#section-2.2

This was the only instance of client secret basic in the whole spec.

closes #130