Sakurann
commented
1 month ago why is this ID-3? doesn't look like there was a discussion nor agreement to do this..?
Open tlodderstedt opened 8 months ago
Sakurann
commented
1 month ago why is this ID-3? doesn't look like there was a discussion nor agreement to do this..?
jogu
commented
1 month ago As far as I can recall it was because we aimed to address all feedback on request uri post mode PR before publishing it in an ID. There was no agreement on whether we actually made a change or not, just that we affirmatively decided to make the change or to decide not to do it and close the issue.
In the course of the discussion around PR #59 it was suggested to allow the Verifier to return a plain JSON Request Object. This is not supported by RFC 9101, which defines the basis of the Request URI endpoint, but could be added by the OID4VP spec.
The basic idea was to let the Wallet determine the expected formats by way of content types, "application/oauth-authz-req+jwt" and another media type for the plain JSON request object. Candidates might be "application/json" or perhaps "application/oauth-authz-req".