[Openid-specs-ab] Issue #1552: Clarify how silent credential refresh is done in OpenID4VCI (openid/connect)
Kristina Yasuda
issues-reply at bitbucket.org
Thu Jul 14 21:13:18 UTC 2022
New issue 1552: Clarify how silent credential refresh is done in OpenID4VCI
https://bitbucket.org/openid/connect/issues/1552/clarify-how-silent-credential-refresh-is
Kristina Yasuda:
* Wallet uses Access Token to send Credential Request to the Credential Endpoint
    * if Refresh Token is used, need to exchange it with a fresh Access Token at Token Endpoint first
    * long-lived Access Token can be used directly
* can be issuer initiated or wallet initiated
    * issuer initiated where issuer communicates to the wallet the need to refresh credential
    * wallet initiated is when the wallet initiates refresh request to the credential endpoint - there may or may not be a refreshed credential available at the issuer
* No need for the User Interaction as long as user has given consent to refresh in the original Authorization Request - Access Token embodies that consent
* yes, wallet would need to store Access Tokens/Refresh Tokens per credential
* difference btw refresh and re-issuance would be whether user interaction/consent is needed or not
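An added sketch of the wallet-side flow listed in the issue, not code from the issue or from the OpenID4VCI specification: tokens are stored per credential, an expired Access Token is replaced through the RFC 6749 refresh grant before the Credential Request, and a credential with no usable token falls through to re-issuance with user interaction. The `post` transport callback, the `TokenSet` record, the placeholder request body and the `credential` response field name are assumptions; client authentication at the Token Endpoint is left out.

```python
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Placeholder body: the real Credential Request parameters depend on the spec draft in use.
CREDENTIAL_REQUEST_BODY = {"format": "<format-placeholder>"}

@dataclass
class TokenSet:
    """Tokens the wallet keeps for ONE credential (hypothetical record layout)."""
    access_token: Optional[str]
    access_expires_at: float              # epoch seconds
    refresh_token: Optional[str] = None

class UserInteractionRequired(Exception):
    """No usable token is stored: this is re-issuance, not a silent refresh."""

# post(endpoint, body, bearer) -> dict is a hypothetical transport supplied by the caller.
Post = Callable[[str, dict, Optional[str]], dict]

def silent_refresh(store: Dict[str, TokenSet], cred_id: str, post: Post,
                   now: Optional[float] = None, skew: float = 30.0) -> Optional[str]:
    """Return a refreshed credential, or None if the issuer has nothing new."""
    now = time.time() if now is None else now
    tokens = store.get(cred_id)
    if tokens is None:
        raise UserInteractionRequired(cred_id)

    expired = not tokens.access_token or tokens.access_expires_at - skew <= now
    if expired:
        if not tokens.refresh_token:
            raise UserInteractionRequired(cred_id)
        # RFC 6749 section 6: exchange the Refresh Token at the Token Endpoint first.
        resp = post("token", {"grant_type": "refresh_token",
                              "refresh_token": tokens.refresh_token}, None)
        tokens.access_token = resp["access_token"]
        tokens.access_expires_at = now + resp.get("expires_in", 0)
        # Honour refresh token rotation: keep the old one only if no new one came back.
        tokens.refresh_token = resp.get("refresh_token", tokens.refresh_token)

    # Credential Request with the Access Token as bearer; no user interaction,
    # because the token embodies the consent given in the original request.
    resp = post("credential", CREDENTIAL_REQUEST_BODY, tokens.access_token)
    return resp.get("credential")         # may be absent on a wallet-initiated refresh
```
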