How does PAR work with SIOPv2?

openid / oid4vc-haip-sd-jwt-vc

High Assurance Profile of OID4VP and OID4VCI using SD-JWT VC and mdocs that is privacy preserving, secure, and meets regulatory requirements

29 stars 7 forks source link

How does PAR work with SIOPv2? #106

Open decentralgabe opened 2 months ago

decentralgabe commented 2 months ago

Section 4.2 states:

MUST use Pushed Authorization Requests (PAR) [RFC9126] to send the Authorization Request.

Wallets MUST authenticate itself at the PAR endpoint using the same rules as defined in Section 4.3 for client authentication at the token endpoint.

Does this mean that a wallet must have a publicly-addressable endpoint to receive authorization requests?

Sakurann commented 2 months ago

section 4 applies only to VCI, not VP, so PAR is only for VCI and not VP

decentralgabe commented 2 months ago

thanks, so is this understanding correct?

A wallet does not need have a publicly addressable endpoint
When doing authZ as a part of VCI the wallet sends an auth request (PAR) to the credential issuer