- changed status to new
OID4VP - (old) Chapter 3 diagrams could use an update
Even though the spec contains the following note:
Note: The diagram does not illustrate all the optional features of this specification.
The current diagrams suggest to the reader that the main difference between the same-device flow and the cross-device flow is that the same-device flow does not include retrieving the Request Object from a request_uri. That is not true, as you can pass the request_object by reference in the same device flow as well.
Comments (6)
-
-
would it be acceptable if we make it clearer that
request_uri
can be used with both flows without changing any of the examples and that the point of the example is to illustrate both options with and withoutrequest_uri
? -
I believe that was one of the main issues with the current diagrams. Yes.
-
I honestly don’t think it’s as big of a deal to call it a “main issue“ - a bit of knowledge of OAuth and a quick read of rfc9101 will make it clear request object can be used with same device too.
-
- changed status to open
-
- changed status to resolved
PR merged.
- Log in to comment