- changed status to new
direct_post.jwt vs require_authorization_encrypted_response
Issue #2058
wontfix
Hi.
Would it make sense to move the value, that defines whether the response must be encrypted or not, in the configuration?
e.g., direct_post.jwt enables response encryption. All the encryption-related metadata is in the configuration, but whether or not the encryption is required.
Follow-up question is: would it make sense to also have a possibility to just encrypt the vp_token? (same JWE encryption approach as for the response)
Comments (2)
-
-
- changed status to wontfix
We discussed this on the 21-Sep-23 working group call. Closing, since this issue is not in the correct repository.
- Log in to comment
Please file this issue at https://github.com/openid/OpenID4VP/issues. We are no longer working on OpenID4VC issues in Bitbucket.