[oidc4ci] openid_initiate_issuance is an invalid URI scheme

Comments (11)

1. 

   Kristina Yasuda

   Proposal A is treated as equivalent to openid:// either in iOS or Android, don’t remember which one but one of them treats ignores what is after ://. So let’s go with Proposal B?

   • 2022-05-19T13:37:21+00:00
2. 

   Tobias Looker

   I vote for proposal A why do we need a different URL scheme? In android you can register intents on more than just the URL scheme also not sure about iOS.

   • 2022-05-20T04:42:59+00:00
3. 

   Kristina Yasuda

   Openid:// is reserved for SIOPs with specific metadata, and I don’t expect many to use it. So using openid:// in the issuance spec does not really make sense.

   • 2022-05-20T04:51:22+00:00
4. 

   Alen Horvat reporter

   Question is, whether we can use the same schema with different endpoints

   e.g.,:

   openid://authorizations (for SIOP, may we’ll need another one for OID4VP?)

   openid://initiate-issuance

   I’m not an expert on mobile platforms so I don’t know which solutions are feasible.

   Supporting questions:

   • Can mobile apps register multiple intents?

   ‌

   • 2022-05-20T04:58:47+00:00
5. 

   Tobias Looker

   So using openid:// in the issuance spec does not really make sense.

   I dont understand why not? The scheme really should just be reserved for any openid supporting application, what they support in terms of SIOP requests vs issuer initiate requests should be communicated in the path. Makes no sense to me to register multiple schemes we would be causing a proliferation at the wrong layer.

   ‌

   • 2022-05-20T05:32:08+00:00
6. 

   Tobias Looker

   Can mobile apps register multiple intents?

   On android this is quite flexible https://developer.android.com/training/app-links/deep-linking, im less sure about iOS

   • 2022-05-20T05:35:06+00:00
7. 

   Kristina Yasuda

   PR #226 (cc @David Waite )

   • 2022-06-28T06:30:59+00:00
8. 

   David Waite

   I do not know what the initiate-issuance function is so I can’t weigh in there.

   on iOS it is a trade-off since custom uri schemes are discouraged

   • you register for a uri scheme, not a particular path match. You get the entire URI in your app (including fragment), but you won’t have say App A gets invoked on one path and App B gets another
   • You are limited in the number of URI schemes you can invoke as an app
   • You are limited in the number of URI schemes you can register as an app
   • You cannot currently control what app is invoked for a given URI scheme

   They are useful when you have an open-ended list of potential apps which might be invoked, like say any IRC client. They are generally a bad idea if it is a controlled list, such as after metadata has been negotiated.

   ‌

   • 2022-07-04T18:12:34+00:00
9. 

   Kristina Yasuda

   • changed milestone to Implementer's Draft
   • assigned issue to
     
     Kristina Yasuda

   • 2022-07-13T22:20:52+00:00
10. 

    gffletch

    A couple of things…

    1. We probably should discourage use of custom schemes where possible
    2. I think we probably need a different custom scheme for initiate_issuance to deal with the case where only some Wallet want to handle this case. This will reduce the number of apps that register the same custom scheme which has security and user experience implications.

    ‌

    • 2022-07-14T15:41:15+00:00
11. 

    Kristina Yasuda

    • changed status to resolved

    PR merged and original issue addressed, but discussion on a best custom scheme continues in #1570

    • 2022-08-10T05:35:08+00:00
12. Log in to comment