OIDC4VCI - error response for missing nonce
Issue #1699
closed
The current error code for a missing nonce is invalid_or_missing_proof
. Is this the most appropriate error response for this? Or would a more accurate error of invalid_or_missing_nonce
to be more appropriate. This latter error does inform the wallet what to do next in order to correct the error, whereas the former is perhaps too vague to allow the wallet to determine which next step to take.
Comments (5)
-
-
invalid_or_missing_proof
doesn’t seem to fit the scenario. -
if a nonce is missing, AS/Issuer will return
c_nonce
alongsideinvalid_proof
so the wallet will know what to fix. so I thinkinvalid_proof
meets the use-cases.. -
do we agree that AS returning
c_nonce
alongsideinvalid_proof
coversinvalid_nonce
use-case?pending close.
-
- changed status to closed
- Log in to comment
it also tells the attacker how to refine their attack