openid / OpenID4VP


wallet invocation "no specific authorization_endpoint" option is underdefined #87

Open jogu opened 7 months ago

jogu commented 7 months ago

In the wallet invocation section ( https://openid.github.io/OpenID4VP/openid-4-verifiable-presentations-wg-draft.html#section-7 ) this is one of the options:

> no specific authorization_endpoint, user scanning a QR code with Authorization Request using a manually opened Wallet, instead of an arbitrary camera application on a user-device (neither custom URL scheme nor Universal/App link is used)

This isn't very clear. I think it means you treat the Authorization Endpoint as being an empty string and hence the QR code contains something like:

```
?response_type=vp_token
    &client_id=https%3A%2F%2Fclient.example.org%2Fcb
    &redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb
    &presentation_definition=...
    &nonce=n-0S6_WzA2Mj
```

However, if we want this option to be interoperable then we probably need to be more specific and explicitly say we mean that the Authorization Endpoint URL is treated as an empty string in this case.

jogu commented 7 months ago

The implementers on last night's working group call indicated that they'd never used this 'no specific authorization_endpoint' option - they always used QR codes that were https URLs or custom URL schemes.

They did indicate that it's not always clear what custom URL scheme a wallet might react to and in some cases it was advantageous if the wallet's in-app QR code scanner was tolerant of different custom URL schemes.
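To make the three invocation shapes in this thread concrete, here is a wallet-side triage routine, added as an illustration and not code from this issue or from the OpenID4VP project. It takes the "no specific authorization_endpoint" reading from the first comment literally (Authorization Endpoint is the empty string, so the QR code carries only the `?query`), distinguishes that from an https URL and from a custom URL scheme, and models the scanner tolerance the implementers described with an allowlist plus an explicit `tolerant` switch. The host `wallet.example.com`, the scheme `example-wallet`, and the choice of `response_type`, `client_id` and `nonce` as the minimum parameter set are assumptions made for the example; the parameter values are the ones shown in the issue.

```python
"""Wallet-side triage of a scanned QR payload carrying an OpenID4VP Authorization Request.

Example code for issue #87; not part of the OpenID4VP specification or any wallet.
Invocation kinds handled:
  'no_endpoint'   - bare query string starting with '?' (Authorization Endpoint == "")
  'https'         - https URL (Universal/App Link style)
  'custom_scheme' - any other URL scheme
"""
from urllib.parse import parse_qs, urlsplit

# Assumed minimum parameter set for this example (taken from the request
# shown in the issue); the spec's own requirements are not restated here.
REQUIRED_PARAMS = ("response_type", "client_id", "nonce")


def parse_request_params(query: str) -> dict:
    """Decode the query string into a flat dict and reject repeated keys.

    A repeated parameter (two client_id values, say) is ambiguous, so it is
    treated as malformed rather than silently resolved to one of the values.
    """
    multi = parse_qs(query, keep_blank_values=True, strict_parsing=True)
    params = {}
    for key, values in multi.items():
        if len(values) != 1:
            raise ValueError(f"parameter {key!r} repeated {len(values)} times")
        params[key] = values[0]
    missing = [p for p in REQUIRED_PARAMS if p not in params]
    if missing:
        raise ValueError("missing required parameter(s): " + ", ".join(missing))
    return params


def classify_qr_payload(payload: str, custom_schemes=(), tolerant=False):
    """Return (invocation_kind, params) for the text read from a QR code.

    Custom schemes are accepted when listed in `custom_schemes`, or for any
    scheme when `tolerant` is True (the in-app scanner behaviour from the
    working group call). The https form is always accepted.
    """
    # The issue shows the request line-wrapped for readability; a real QR code
    # carries it as one unbroken string, so drop any wrapping whitespace.
    text = "".join(payload.split())
    if text.startswith("?"):
        return "no_endpoint", parse_request_params(text[1:])
    parts = urlsplit(text)
    if not parts.scheme:
        raise ValueError("payload is neither a URL nor a bare '?query'")
    if parts.scheme == "https":
        kind = "https"
    elif parts.scheme in custom_schemes or tolerant:
        kind = "custom_scheme"
    else:
        raise ValueError(f"unexpected URL scheme {parts.scheme!r}")
    return kind, parse_request_params(parts.query)


def accepts(payload: str, **kwargs) -> bool:
    """True if the wallet would act on this payload under the given policy."""
    try:
        classify_qr_payload(payload, **kwargs)
        return True
    except ValueError:
        return False


# Constructed sample payloads (parameter values as shown in the issue;
# presentation_definition is elided there and is omitted here).
QUERY = ("?response_type=vp_token"
         "&client_id=https%3A%2F%2Fclient.example.org%2Fcb"
         "&redirect_uri=https%3A%2F%2Fclient.example.org%2Fcb"
         "&nonce=n-0S6_WzA2Mj")
SAMPLE_NO_ENDPOINT = QUERY                                     # empty Authorization Endpoint
SAMPLE_HTTPS = "https://wallet.example.com/authorize" + QUERY  # assumed host
SAMPLE_CUSTOM = "example-wallet://authorize" + QUERY           # assumed scheme

if __name__ == "__main__":
    for sample in (SAMPLE_NO_ENDPOINT, SAMPLE_HTTPS, SAMPLE_CUSTOM):
        print(sample[:40], "->", accepts(sample, tolerant=True))
```

The `tolerant` switch is deliberately separate from the allowlist so that a wallet can log which scheme it actually reacted to; whatever the scanner accepts, the request is still only as trustworthy as the subsequent verification of `client_id` and the rest of the request.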