[Openid-specs-ab] Issue #1827: OpenID4VCI: The initial c_nonce is not issued by the credential issuer (openid/connect)

Takahiko Kawasaki issues-reply at bitbucket.org
Tue Feb 21 21:19:01 UTC 2023


New issue 1827: OpenID4VCI: The initial c_nonce is not issued by the credential issuer
https://bitbucket.org/openid/connect/issues/1827/openid4vci-the-initial-c_nonce-is-not

Takahiko Kawasaki:

From Section 7.2 (Credential Request) of draft 11 of “OpenID for Verifiable Credential Issuance”:

> The `proof` element MUST incorporate a `c_nonce` value generated by the Credential Issuer and the Credential Issuer Identifier (audience) to allow the Credential Issuer to detect replay.

However, the initial `c_nonce` is issued from the token endpoint of the **authorization server**, not from the credential endpoint of the **credential issuer**. That is, the first credential request cannot incorporate a `c_nonce` generated by the credential issuer.
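
The flow described in this message, as an added example that is not part of the original post or of the specification: it models the token endpoint and the credential endpoint as separate functions and records which one issued each `c_nonce`. The `NonceStore` class, the `proof_rejected` error value and `https://issuer.example` are hypothetical, and the proof JWT signature is assumed to be already verified.

```python
import secrets
import time

ISSUER = "https://issuer.example"  # constructed Credential Issuer Identifier

class NonceStore:
    """Hypothetical state shared by the authorization server and the issuer."""
    def __init__(self):
        self._live = {}  # nonce -> (origin, expiry time)

    def issue(self, origin, ttl=300):
        nonce = secrets.token_urlsafe(16)
        self._live[nonce] = (origin, time.time() + ttl)
        return nonce

    def consume(self, nonce):
        # Single use: pop the nonce so a second presentation is a replay.
        origin, expiry = self._live.pop(nonce, (None, 0.0))
        return origin if time.time() < expiry else None

def token_endpoint(store):
    # Authorization server: the only source of the initial c_nonce.
    return {"access_token": secrets.token_urlsafe(16),
            "c_nonce": store.issue("token_endpoint"),
            "c_nonce_expires_in": 300}

def credential_endpoint(store, proof_claims):
    # proof_claims: payload of a proof JWT (signature assumed verified).
    fresh = store.issue("credential_endpoint")
    if proof_claims.get("aud") != ISSUER:
        return {"error": "proof_rejected", "c_nonce": fresh}  # constructed value
    origin = store.consume(proof_claims.get("nonce"))
    if origin is None:
        return {"error": "proof_rejected", "c_nonce": fresh}
    return {"nonce_origin": origin, "c_nonce": fresh}

def demo():
    store = NonceStore()
    tok = token_endpoint(store)
    proof = {"aud": ISSUER, "nonce": tok["c_nonce"]}
    first = credential_endpoint(store, proof)    # nonce came from the AS
    replay = credential_endpoint(store, proof)   # same proof presented again
    second = credential_endpoint(store, {"aud": ISSUER, "nonce": first["c_nonce"]})
    return first["nonce_origin"], replay.get("error"), second["nonce_origin"]

if __name__ == "__main__":
    print(demo())
```

Only the second credential request carries a nonce that the credential endpoint itself generated; the first is accepted solely because the issuer can look up a value minted at the token endpoint.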



