Response type code and token response

[awoie]

Spec says:

If the Response Type value is code (Authorization Code Grant Type), the VP Token is provided in the Token Response.

This seems not enough information for the AS to decide whether the VP Token should be returned from the Token Endpoint. The AS will need additional info such as scope value refers to presentation definition, or presentation_definition is contained in the request.

[jogu]

The relevant section, https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-6 has this at the start:

A VP Token is only returned if the corresponding Authorization Request contained a presentation_definition parameter, a presentation_definition_uri parameter, or a scope parameter representing a Presentation Definition Section 5.

So I think we're probably okay from a normative perspective?

If you found it unclear a suggestion on better wording would be good :)

[awoie]

Right, I'll make a PR to clarify this better.

[awoie]

I read the section again and I think it is pretty clear that the VP token is returned from the Token endpoint in case of response_type code.