[Openid-specs-ab] Issue #1344: OIDC4VP response from the userInfo endpoint (openid/connect)

Kristina Yasuda issues-reply at bitbucket.org
Wed Sep 29 20:38:03 UTC 2021

New issue 1344: OIDC4VP response from the userInfo endpoint

Kristina Yasuda:

This is the placeholder to document the discussion during the SIOP call that

*  extentions to userInfo endpoint will be needed if VPs were to be returned from userInfo endpoint with repeated requests
* crypto \(usage of nonce\) will be different because there's no request for presentation from the verifier as part of the userInfo endpoint. There are algorithms where holder needs to supply nonce to be able to check if returned value is correct. George agreed
* access token is not sufficient to generate a new VP

and the need to clarify how VPs can be sent back using userInfo endpoint, if we want to make that possible.

More information about the Openid-specs-ab mailing list