Closed OIDF-automation closed 1 month ago
The more spec-defined error codes the better imo. It’s a bother, but really helps resolve integration issues down the road. I think this is a suitable case for such an additional code.
Out of curiosity, is it something that is realistically necessary, or is it just a discussion about hypothetical possibilities?
BTW, it can be achieved by making the credential_endpoint issuer metadata OPTIONAL. The issuer that wants wallets to use the batch credential endpoint instead of the credential endpoint can indicate it by including batch_credential_endpoint and not including credential_endpoint in its metadata.
@{557058:5ac0eada-9199-4cf8-a9b7-ced6b4d483a1} Support for the Credential Endpoint is mandatory for every implementation right now from the interoperability perspective. We can revisit this, but I see the benefit of an endpoint both sides can fall back to.
From what I understood, this is the issue @{63696ff6c383ad8421462592}'s team has faced.
In our case, there is a tighter integration between the wallet and the issuer. In that particular example, the issuer doesn’t support the single credential endpoint, only the batch credential endpoint, and the wallet is aware of that.
To force the wallet to use batch instead of single if there is no such relationship like I explained above, I’d prefer either 1) to make the credential endpoint optional AND to have either batch or single credential endpoint in the metadata OR 2) to merge credential and batch credential endpoint into one endpoint.
> the issuer doesn’t support single credential endpoint, only the batch credential endpoint and the wallet is aware of that.
This is technically out of compliance with the spec, which mandates the credential endpoint.
I am not comfortable with either of the choices you propose. Making credential endpoint interop will kill minimum interop, and merging them will overload one endpoint, which is against the original design goal.
I was thinking more along the lines of the wallet trying to use the credential endpoint and receiving a response that tells the wallet to use the batch endpoint…
https://github.com/openid/OpenID4VCI/pull/364 has removed the batch credential endpoint (now that the normal credential endpoint can issue batches of a single credential, there was no clear need for an endpoint that issued different datasets in a single request, and there were lots of unsolved problems with doing so, so the working group agreed removing was the best way forward).
Hence closing this issue. Feel free to comment/reopen if I missed some aspect that's still applicable.
Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1936
Original Reporter: KristinaYasuda
What if the Wallet sent the request to the credential endpoint, but the Issuer wants the Wallet to use Batch endpoint, but credential endpoint? Should there be a credential error response/token error response that tells the wallet to send batch credential endpoint?
(cc @{63696ff6c383ad8421462592} )