Allow VP as authorization in authorization request

Issue #1954 resolved
christian.fries created an issue

For the authorization request with the client_id_scheme did, the authorization currently consists of the signature validation of the DID (resolve + verify) in the authorization header.

For some use cases this authorization is not sufficient. Thinking of GS1 Chained Licence Credentials for authorization for instance.

For those situations it would be preferable to allow signed verifiable presentations carrying the necessary credentials in the authorization request. There are two options for this from my perspective:

  1. Including a VP in the authorizing JWT header itself
  2. Allow a POST authorization request which contains, apart from the auth header, the verifiable presentation in the request body for authorization

I mentioned client_id_scheme did only for now as it is the one used in our use case, but this improvement might be worth considering for other client_id_schemes as well.

Comments (4)

  1. Kristina Yasuda

    Please see PR#524. It adds a client_id_scheme using a sender-constrained JWT in a header, which I think is very close to what you are asking for.

  2. christian.fries reporter

    I think the link is wrong. It refers to an issue from 2012 which does not appear to be related.

    My issue is not about the client_id_scheme, but rather about having the option to send a verifiable presentation containing VCs along with an authorization request.
