[pending close] OpenID4VCI nonce reuse and batch credential request

Issue #1842 closed
Pedro Felix created an issue
  1. Should the c_nonce used on the credential request proof be a one-time use value (as the nonce name seems to suggest) or can it be used more than once? I didn’t find any information or guidance about this in the VCI specification.
  2. If the c_nonce is a one-time use value, then can't that create a problem for batch credential requests, which need to contain multiple proofs? There doesn’t seem to be a way for a client/wallet to get more than one nonce to use on a batch credential request.

Comments (7)

  1. Oliver Terbu

    We discussed 2. and I believe the answer was that the same c_nonce can be used for all PoP in the same batch credential request if I remember correctly. However, having some guidance on nonce management would definitely be beneficial.

  2. Torsten Lodderstedt

    Thanks for raising this topic.

    The verifier MUST use a nonce value provided by AS or CI as long as the CI does not provide a fresh value. Section 6.2. states: “When received, the Wallet MUST use this nonce value for its subsequent credential requests until the Credential Issuer provides a fresh nonce.”. Section 7.3. states “When received, the Wallet MUST use this nonce value for its subsequent credential requests until the Credential Issuer provides a fresh nonce.”

    We defined this behavior especially to prevent any issues with batch credential issuance.
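
The nonce handling discussed in this thread, as an added example that is not part of the original issue or of the specification: an issuer-side sketch in which the same c_nonce is accepted on every proof of a batch, and on later requests, until the issuer rotates it. `NonceStore`, `check_batch`, the binding of the nonce to an access token, the TTL and the sample proofs are assumptions; proof signature verification is left out.

```python
import base64, hmac, json, secrets, time

class NonceStore:
    """Hypothetical issuer-side state: one current c_nonce per access token."""
    def __init__(self, ttl=300):
        self.ttl = ttl
        self._current = {}  # access_token -> (c_nonce, expires_at)

    def rotate(self, access_token, now=None):
        """Issue a fresh c_nonce; the previous one stops being accepted."""
        now = time.time() if now is None else now
        nonce = secrets.token_urlsafe(16)
        self._current[access_token] = (nonce, now + self.ttl)
        return nonce

    def is_current(self, access_token, nonce, now=None):
        now = time.time() if now is None else now
        entry = self._current.get(access_token)
        if entry is None or now >= entry[1] or not isinstance(nonce, str):
            return False
        return hmac.compare_digest(entry[0].encode(), nonce.encode())

def proof_nonce(jwt):
    """Read the nonce claim of a proof JWT (signature check omitted here)."""
    try:
        payload = jwt.split(".")[1]
        payload += "=" * (-len(payload) % 4)
        return json.loads(base64.urlsafe_b64decode(payload)).get("nonce")
    except (IndexError, ValueError, AttributeError):
        return None

def check_batch(store, access_token, proof_jwts, now=None):
    """Accept only if every proof in the batch carries the current c_nonce.
    The nonce is not consumed: it stays valid until rotate() or expiry."""
    return bool(proof_jwts) and all(
        store.is_current(access_token, proof_nonce(j), now) for j in proof_jwts)

def make_proof(nonce, kid):
    """Constructed sample proof JWT with a placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(
        json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "ES256", "kid": kid}), enc({"nonce": nonce}), "sig"])

if __name__ == "__main__":
    store = NonceStore()
    n1 = store.rotate("token-A")
    batch = [make_proof(n1, "key-1"), make_proof(n1, "key-2")]
    print(check_batch(store, "token-A", batch))   # same nonce on both proofs
    store.rotate("token-A")
    print(check_batch(store, "token-A", batch))   # stale after rotation
```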
