[Openid-specs-ab] Issue #1603: How to request specific claims to be included in a Self-Issued ID Token when SIOP v2 is used with OpenID4VP? (openid/connect)

Thu Aug 18 04:52:55 UTC 2022

New issue 1603: How to request specific claims to be included in a Self-Issued ID Token when SIOP v2 is used with OpenID4VP?
https://bitbucket.org/openid/connect/issues/1603/how-to-request-specific-claims-to-be

Kristina Yasuda:

The Use-case is the following; the verifier wants to request the wallet to return certain user claims in the ID Token and not a VC, while also requesting presentation of a VC of a certain type\). Verifier is using OpenID4VP and SIOP v2.

* option 1: use OIDC “claims“ parameter with “id\_token“? 
* option 2: using scopes to specify a claim value to be put in the ID Token? than how does the wallet know which type refers to a VC type and which one to an ID Token - can namescpes, etc. I guess
* option 3: use presentation\_definition 

    * define a "type" that describes an ID Token with certain user claims and request it in presentation\_definition \(without specifying it belongs in the ID Token\). Wallet will have to know to include it in the ID Token and will indicate in presentation\_submission that it is returning that type in an ID Token. But when working with examples I realized there is no claim in the ID Token that can be used to indicate it’s “type“ right now \(which we could define I guess….\) option 3 would look like the following? :

Request

```json
"input_descriptors": [
        {
            "id": "id_credential",
            "constraints": {
                "fields": [
                    {
                        "path": [
                            "$.vc.type"
                        ],
                        "filter": {
                            "type": "array",
                            "contains": {
                                "const": "IDCredential"
                            }
                        }
                    }
                ]
            }
        },
        {
            "id": "id_token_liveness",
            "constraints": {
                "fields": [
                    {
                        "path": [
                            "$.type"
                        ],
                        "filter": {
                            "type": "string",
                            "contains": {
                                "const": "id_token_liveness"
                            }
                        }
                    }
                ]
            }
        }
    ]
```

Response

```
"descriptor_map": [
    {
      "id": "id_credential",
      "path": "$",
      "format": "jwt_vp",
      "path_nested": {
        "path": "$.vp.verifiableCredential[0]",
        "format": "jwt_vc"
      }
    },
    {
      "id": "id_token_liveness",
      "path": "$", //not sure what to use...
      "format": "siop_id_token",//need to define a new one?
    }
  ]
```

‌