Dynamic wallet/client metadata negotiation
Issue #2057
resolved
Hi. I have a question wrt dynamic wallet-client metadata negotiation.
Most OID4VP flows will use the request_uri approach where the request object is fetched from the server.
In a basic authorisation request, Verifier presents its metadata (as value or as reference via client_metadata). Wallet could send its metadata to the request_uri endpoint and the server could generate a request that matches the Wallet requirements. Of course it is the server who defines the minimal requirements (wallet should not be able to downgrade the config from a security point of view)
Minimal assumption by the server would be the wallet authorisation endpoint.
Comments (2)
-
reporter -
- changed status to resolved
Closing, per Alen's comment.
- Log in to comment
Addressed in https://bitbucket.org/openid/connect/issues/1401/advanced-cross-device-flow-for-siop. Issue can be closed.