[Openid-specs-ab] Issue #1603: How to request specific claims to be included in a Self-Issued ID Token when SIOP v2 is used with OpenID4VP? (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Thu Aug 18 04:52:55 UTC 2022
New issue 1603: How to request specific claims to be included in a Self-Issued ID Token when SIOP v2 is used with OpenID4VP?
https://bitbucket.org/openid/connect/issues/1603/how-to-request-specific-claims-to-be
Kristina Yasuda:
The Use-case is the following; the verifier wants to request the wallet to return certain user claims in the ID Token and not a VC, while also requesting presentation of a VC of a certain type\). Verifier is using OpenID4VP and SIOP v2.
* option 1: use OIDC “claims“ parameter with “id\_token“?
* option 2: using scopes to specify a claim value to be put in the ID Token? than how does the wallet know which type refers to a VC type and which one to an ID Token - can namescpes, etc. I guess
* option 3: use presentation\_definition
* define a "type" that describes an ID Token with certain user claims and request it in presentation\_definition \(without specifying it belongs in the ID Token\). Wallet will have to know to include it in the ID Token and will indicate in presentation\_submission that it is returning that type in an ID Token. But when working with examples I realized there is no claim in the ID Token that can be used to indicate it’s “type“ right now \(which we could define I guess….\) option 3 would look like the following? :
Request
```json
"input_descriptors": [
{
"id": "id_credential",
"constraints": {
"fields": [
{
"path": [
"$.vc.type"
],
"filter": {
"type": "array",
"contains": {
"const": "IDCredential"
}
}
}
]
}
},
{
"id": "id_token_liveness",
"constraints": {
"fields": [
{
"path": [
"$.type"
],
"filter": {
"type": "string",
"contains": {
"const": "id_token_liveness"
}
}
}
]
}
}
]
```
Response
```
"descriptor_map": [
{
"id": "id_credential",
"path": "$",
"format": "jwt_vp",
"path_nested": {
"path": "$.vp.verifiableCredential[0]",
"format": "jwt_vc"
}
},
{
"id": "id_token_liveness",
"path": "$", //not sure what to use...
"format": "siop_id_token",//need to define a new one?
}
]
```
More information about the Openid-specs-ab
mailing list