Open OIDF-automation opened 1 year ago
Please see PR#524. It adds a client_id_scheme using a sender-constrained JWT in a header, which I think is very close to what you are asking for.
I think the link is wrong. It refers to an issue from 2012 which does not appear to be related.
My issue is not about the client_id_scheme, but rather about having the option to send verifiable presentations containing VCs along with an authorization request.
@F-Node-Karlsruhe could you please explain what nonce/aud the verifiable presentation in the authorization request will be bound to? It would be great if you could elaborate just a little more on the use-case/requirements for why a VP is needed in the presentation request. If the purpose is to send a VC/VP to authenticate the verifier, there is a verifier_attestation mechanism.
Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1954
Original Reporter: EECC
For the authorization request with the `client_id_scheme` `did`, the authorization currently consists of the signature validation of the DID (resolve + verify) in the authorization header. For some use cases this authorization is not sufficient. Thinking of GS1 Chained Licence Credentials for authorization, for instance.
For those situations it would be preferable to allow signed verifiable presentations carrying the necessary credentials in the authorization request. There are two options for this from my perspective:
I mentioned `client_id_scheme` `did` only for now as it is the one used in our use case, but this improvement might be worth considering for other client_id_schemes as well.