[Openid-specs-ab] Issue #1685: Returning large credentials (openid/connect)
nadalin at prodigy.net
nadalin at prodigy.net
Wed Oct 19 11:54:11 UTC 2022
There is no technical limit to the size of a HTTP body so since you always
have to give a content-length to the other side (is both for request &
response), if your response is really large, it is up to the client to
process it in an acceptable way (e.g. stream it directly to a file backend),
so it would be up to the client to do this right.
-----Original Message-----
From: Openid-specs-ab <openid-specs-ab-bounces at lists.openid.net> On Behalf
Of David W Chadwick via Openid-specs-ab
Sent: Wednesday, October 19, 2022 3:13 AM
To: openid-specs-ab at lists.openid.net
Cc: David W Chadwick <issues-reply at bitbucket.org>
Subject: [Openid-specs-ab] Issue #1685: Returning large credentials
(openid/connect)
New issue 1685: Returning large credentials
https://bitbucket.org/openid/connect/issues/1685/returning-large-credentials
David W Chadwick:
Some credentials may be very large e.g. those with embedded images. The
OIDC4VPs spec specifies the new response mode `post` for the cross device
flow. This will allow any size of credential to be returned. However the
same device flow uses http re-directs, and this may limit the size of
credential that can be returned. How might this be addressed?
One solution could be to allow the new response mode `post` to be applicable
to the same device flow as well.
_______________________________________________
Openid-specs-ab mailing list
Openid-specs-ab at lists.openid.net
https://lists.openid.net/mailman/listinfo/openid-specs-ab
More information about the Openid-specs-ab
mailing list