- changed status to resolved
[OIDC4VCI] protocol optimization
Issue #1392
resolved
A placeholder issue to discuss optimizing the flows, once we stabilize the protocol. Some of the current ones are:
- include p_nonce in Issuance Initiation Request (PR #98) - may introduce a security vulnerability because an attacker can send an Issuance Initiation Request with a random p_nonce and a legitimate issuer identifier, and encourage the wallet to generate a replayable input VP
- include login_hint in Authorization Request (PR #98) - potentially not needed since including op_state in the authorization request is more actionable for the Issuer
Comments (1)
reporter
Superseded by the recent PRs, discussions. @Torsten Lodderstedt, would you agree?