openid / OpenID4VCI


content of authorization details in token response #92

Closed Sakurann closed 10 months ago

Sakurann commented 10 months ago

On your second comment, nothing prevents AS/RS from using the same value for credentials_upported_identifier and c_instance_identifier, but conceptually, I really think these parameters need to be separate.

Are the details really relevant?

I honestly don't know. The RAR spec says "The AS MAY omit values in the authorization_details to the client." in https://datatracker.ietf.org/doc/html/rfc9396#name-token-response, so I think that means that the structure below is technically valid, because "type" is the only required parameter, if I am correct. But I am not sure if format and type should be omitted here; maybe when there is only one credential being issued, but not when there are multiple, because having type and format here provides a clear binding between an identifier and type/format. cc @tlodderstedt @bc-pi as RAR experts

    "c_nonce_expires_in": 86400,
    "authorization_details": [
      {
        "type": "openid_credential",
        "c_instance_identifiers": [ "CivilEngineeringDegree-2023", "ElectricalEngineeringDegree-2023" ]
      }
    ]

_Originally posted by @paulbastian and commented by @Sakurann in https://github.com/openid/OpenID4VCI/pull/65#discussion_r1373827708_

Sakurann commented 10 months ago

I think this is somewhat related to #102, which is about the content of authorization details in the authorization request, and this issue is about its content in the token response.

tlodderstedt commented 10 months ago

The client must be able to distinguish authorization details based on format and (perhaps) type as there could be multiple of them.
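
An added example, not part of the thread or of the specification: a client-side check that binds each value in `c_instance_identifiers` to the `format` of its `authorization_details` entry and reports identifiers it cannot tell apart. The function names, the "format may be omitted only when exactly one identifier is returned" policy and the `format` values in the constructed samples are assumptions; the credential type field is left out because the thread does not name it.

```python
CREDENTIAL_TYPE = "openid_credential"  # RAR "type" value shown in the thread


def _identifiers(entry):
    """Return the entry's identifier list, or [] if it is missing or not a list."""
    ids = entry.get("c_instance_identifiers", [])
    return ids if isinstance(ids, list) else []


def bind_identifiers(token_response):
    """Return (bindings, problems): identifier -> format, plus ambiguity reports."""
    entries = [e for e in token_response.get("authorization_details", [])
               if isinstance(e, dict) and e.get("type") == CREDENTIAL_TYPE]
    total = sum(len(_identifiers(e)) for e in entries)
    bindings, problems = {}, []
    for entry in entries:
        fmt = entry.get("format")
        for ident in _identifiers(entry):
            if not isinstance(ident, str) or not ident:
                problems.append("non-string or empty identifier")
            elif fmt is None and total > 1:
                # Assumed policy: several credentials need an explicit format.
                problems.append(f"{ident}: no format to tell it apart")
            elif ident in bindings and bindings[ident] != fmt:
                problems.append(f"{ident}: bound to {bindings[ident]} and {fmt}")
            else:
                bindings[ident] = fmt
    return bindings, problems


# The fragment quoted in the thread, wrapped in an object so it parses.
FROM_THREAD = {
    "c_nonce_expires_in": 86400,
    "authorization_details": [{
        "type": "openid_credential",
        "c_instance_identifiers": ["CivilEngineeringDegree-2023",
                                   "ElectricalEngineeringDegree-2023"],
    }],
}
# Constructed sample: one entry per credential, each carrying a format.
WITH_FORMAT = {"authorization_details": [
    {"type": "openid_credential", "format": "jwt_vc_json",
     "c_instance_identifiers": ["CivilEngineeringDegree-2023"]},
    {"type": "openid_credential", "format": "ldp_vc",
     "c_instance_identifiers": ["ElectricalEngineeringDegree-2023"]},
]}

if __name__ == "__main__":
    for name, sample in (("thread", FROM_THREAD), ("with format", WITH_FORMAT)):
        print(name, bind_identifiers(sample))
```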