walt-id / waltid-walletkit

Toolkit for SSI and NFT/SBT wallets
https://docs.walt.id
Apache License 2.0

Missing access_token in the Credential Request #69

Closed alejandro-nieto-git closed 1 year ago

alejandro-nieto-git commented 1 year ago

According to the OID4VC specs (https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html), the access_token has to be sent alongside the proof of possession of the key material the issued Credential shall be bound to, but only the proof is sent. Is there a reason for this, or is a future fix planned to be fully standard? Below is an example of a Credential Request:


```
[JettyServerThreadPool-22] INFO id.walt.services.oidc.OIDC4CIService - Sending credential request to http://localhost:8000/issuer-api/oidc/credential
 {"format" : "jwt_vc", "proof" : {"jwt" : "eyJraWQiOiJkaWQ6a2V5Ono2TWttdVAzMTNxczRoQ252OEdSUTVTSkxhejRkUlozQXNWWlZRb0drbXVWZHBRSiN6Nk1rbXVQMzEzcXM0aENudjhHUlE1U0pMYXo0ZFJaM0FzVlpWUW9Ha211VmRwUUoiLCJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJpc3MiOiJkaWQ6a2V5Ono2TWttdVAzMTNxczRoQ252OEdSUTVTSkxhejRkUlozQXNWWlZRb0drbXVWZHBRSiIsImF1ZCI6Imh0dHA6Ly9sb2NhbGhvc3Q6ODAwMC9pc3N1ZXItYXBpL29pZGMvIiwiaWF0IjoxNjcyOTIwODQ4LCJub25jZSI6IjVmYjYwYjU4LTRlMjMtNDc4YS1iNWQyLTFhNmFkZmRjMDZmMyJ9.UzhoHaFViNqWdoNHx-lol_3G0lT03ybSJkaqGzglb4W24gtjDmILiRqxe4zX22os064cvQZOhYPkyEcKF8uiAA", "proof_type" : "jwt"}, "type" : "MedicCredential"}
```

severinstampler commented 1 year ago

Hi @alejandro-nieto-git, the access_token is sent in the Authorization header, not in the request body. The log doesn't show the request headers. You can also see it in the example in the OIDC4VC spec: https://openid.net/specs/openid-4-verifiable-credential-issuance-1_0.html#name-credential-request
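
The split described in this thread, as an added example that is not part of the original issue and is not walt.id code: the access token travels in the `Authorization` header while the proof stays in the JSON body, so a body-only log never shows the token. The helper names, the token value, the DID and the unsigned sample proof are constructed assumptions; only the endpoint URL and the body layout come from the log above.

```python
import base64
import json
from urllib.request import Request

# Endpoint taken from the log line in the issue; everything else below is constructed.
CREDENTIAL_ENDPOINT = "http://localhost:8000/issuer-api/oidc/credential"


def _b64url(obj: dict) -> str:
    raw = json.dumps(obj, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def make_sample_proof(did: str, audience: str, nonce: str) -> str:
    """Constructed, unsigned stand-in for the wallet's proof-of-possession JWT."""
    header = {"kid": did, "typ": "JWT", "alg": "EdDSA"}
    claims = {"iss": did, "aud": audience, "iat": 1700000000, "nonce": nonce}
    return f"{_b64url(header)}.{_b64url(claims)}.constructed-signature"


def build_credential_request(access_token: str, proof_jwt: str, cred_type: str) -> Request:
    """Token goes in the Authorization header; the proof goes in the JSON body."""
    body = {"format": "jwt_vc",
            "proof": {"jwt": proof_jwt, "proof_type": "jwt"},
            "type": cred_type}
    return Request(CREDENTIAL_ENDPOINT, data=json.dumps(body).encode(), method="POST",
                   headers={"Authorization": f"Bearer {access_token}",
                            "Content-Type": "application/json"})


def log_view(req: Request, include_headers: bool = False) -> str:
    """Render the request as log text; the bearer token is redacted when headers are shown."""
    lines = [f"Sending credential request to {req.full_url}", req.data.decode()]
    if include_headers:
        for name, value in req.header_items():
            if name.lower() == "authorization":
                value = value.split(" ", 1)[0] + " <redacted>"
            lines.insert(1, f"{name}: {value}")
    return "\n".join(lines)


def proof_claims(proof_jwt: str) -> dict:
    """Decode (without verifying) the proof's claims to inspect iss, aud and nonce."""
    payload = proof_jwt.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
```

`log_view(req)` reproduces the body-only view from the issue, and `log_view(req, include_headers=True)` confirms the header is present without writing the token itself to the log.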