OIDC4VP response from the userInfo endpoint
Issue #1344
resolved
This is the placeholder to document the discussion during the SIOP call that
- extentions to userInfo endpoint will be needed if VPs were to be returned from userInfo endpoint with repeated requests
- crypto (usage of nonce) will be different because there's no request for presentation from the verifier as part of the userInfo endpoint. There are algorithms where holder needs to supply nonce to be able to check if returned value is correct. George agreed
- access token is not sufficient to generate a new VP
and the need to clarify how VPs can be sent back using userInfo endpoint, if we want to make that possible.
Comments (3)
-
Account Deactivated
-
reporter
Jeremie, OIDC4VP can be used not only with SIOP, but also with code flow, userInfo would have been used with OIDC4VP and the code flow. (the discussion should be documented in the SIOP call closest to the date of the Issue)
However, usage of the UserInfo endpoint in OIDC4VP will be removed when PR #79 is merged.
-
reporter
- changed status to resolved
Resolved by Issue
#79 - Log in to comment
- Assignee
- –
- Type
- Priority
- Status
- resolved
- Component
- Verifiable Presentation
- Milestone
- –
- Version
- –
- Votes
- 0
- Watchers
- 2
I may have missed the meeting where this was discussed, could someone point to or add context here of what use case this is for?
It seems very difficult to try and support, how does an RP even access a userInfo endpoint on an SIOP instance that is a native app?