[OIDC4VCI] protocol optimization

A placeholder issue to discuss optimizing the flows, once we stabilize the protocol. Some of the current ones are:

include p_nonce in Issuance Initiation Request (PR #98) - may introduce security vulnerability because attacker can send an Issuance Initiation Request with a random p_nonce and legitimate issuer identifier, and encourage the wallet to generate a replayable input VP
include login_hint in Authorization Request (PR #98) - potentially not needed since including op_state in the authorization request is more actionable for the Issuer

‌

Comments (1)