OID4VCI - recommend RFC 8414 for authorization and token endpoint discovery

Issue #2021 closed
Nander Stabel created an issue

When implementing an OID4VCI compliant Wallet it is currently not completely clear how to obtain a Credential Issuer’s AS authorization- and token endpoint.

Both https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#section-5 and https://openid.bitbucket.io/connect/openid-4-verifiable-credential-issuance-1_0.html#name-token-endpoint do not mention how to obtain the authorization- and token endpoint respectively, but refer to RFC 6749.

However https://www.rfc-editor.org/rfc/rfc6749.html#section-3.1 states:

“The means through which the client obtains the location of the authorization endpoint are beyond the scope of this specification, but the location is typically provided in the service documentation.”

In similar fashion https://www.rfc-editor.org/rfc/rfc6749.html#section-3.2 states:

“The means through which the client obtains the location of the token endpoint are beyond the scope of this specification, but the location is typically provided in the service documentation.”

Preferably one would like to implement a compliant Wallet as generic as possible so “typically provided in the service documentation” is not very satisfying.

So I would propose to mention https://datatracker.ietf.org/doc/html/rfc8414 in the spec so that for Wallets at least it is very simple to acquire the required authorization- and token endpoints.
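The following sketch shows the RFC 8414 discovery step proposed above from the Wallet's side. It is an added example, not part of the original issue or of the OID4VCI specification. It assumes the Wallet already knows the authorization server's issuer identifier; the host `as.example.com`, the function names and the sample metadata are constructed for illustration.

```python
import json
from urllib.parse import urlsplit, urlunsplit

# Well-known URI suffix registered by RFC 8414, section 3.
WELL_KNOWN = "/.well-known/oauth-authorization-server"

def metadata_url(issuer: str) -> str:
    """Build the RFC 8414 metadata URL for an authorization server issuer."""
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("issuer must be an https URL with a host")
    if parts.query or parts.fragment:
        raise ValueError("issuer must not contain a query or fragment")
    # The well-known string is inserted between host and issuer path;
    # a terminating "/" on the issuer is removed first.
    path = parts.path.rstrip("/")
    return urlunsplit(("https", parts.netloc, WELL_KNOWN + path, "", ""))

def endpoints_from_metadata(issuer: str, body: str) -> dict:
    """Validate a metadata document and return the two endpoints."""
    meta = json.loads(body)
    if not isinstance(meta, dict):
        raise ValueError("metadata must be a JSON object")
    # RFC 8414, section 3.3: the returned issuer must be identical to the
    # issuer used to build the URL, otherwise the document is rejected.
    if meta.get("issuer") != issuer:
        raise ValueError("issuer in metadata does not match requested issuer")
    result = {}
    for name in ("authorization_endpoint", "token_endpoint"):
        value = meta.get(name)
        # Requiring https here is this example's policy (assumption).
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            raise ValueError(f"{name} missing or not an https URL")
        result[name] = value
    return result

# Constructed sample response body, embedded so the example runs offline.
SAMPLE_ISSUER = "https://as.example.com/tenant1"
SAMPLE_BODY = json.dumps({
    "issuer": "https://as.example.com/tenant1",
    "authorization_endpoint": "https://as.example.com/tenant1/authorize",
    "token_endpoint": "https://as.example.com/tenant1/token",
})

if __name__ == "__main__":
    print(metadata_url(SAMPLE_ISSUER))
    print(endpoints_from_metadata(SAMPLE_ISSUER, SAMPLE_BODY))
```

The exact-match issuer check is what stops a metadata document served for one issuer from supplying endpoints for another.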
