[Openid-specs-ab] Issue #1450: [oidc4vci] Proposal: Move presentations after authorization (openid/connect)
Jeremie Miller
issues-reply at bitbucket.org
Wed Mar 2 01:39:34 UTC 2022
New issue 1450: [oidc4vci] Proposal: Move presentations after authorization
https://bitbucket.org/openid/connect/issues/1450/oidc4vci-proposal-move-presentations-after
Jeremie Miller:
In the current draft, before issuance, if there are required presentations, they are performed during and as part of the authorization flow. This is problematic (for example, the discussion in #1443) and requires additional complexity around managing sessions with multiple possible presentations before authorization, as well as deep integration with the authorization endpoint to support this complexity.
I’d like to propose that authorization always occurs first, establishing a strong relationship with the client that can be used for any/all subsequent interactions. After the client has an access token, it can then optionally interact with a presentation service to satisfy any additional requirements. This service can function and conform as an [OAuth token exchange](https://datatracker.ietf.org/doc/html/rfc8693), ultimately resulting in a token that can be used to access the issuance endpoint once all requirements are satisfied.