[Openid-specs-ab] Issue #2057: Dynamic wallet/client metadata negotiation (openid/connect)
alen_horvat
issues-reply at bitbucket.org
Fri Sep 1 14:20:50 UTC 2023
New issue 2057: Dynamic wallet/client metadata negotiation
https://bitbucket.org/openid/connect/issues/2057/dynamic-wallet-client-metadata-negotiation
Alen Horvat:
Hi. I have a question wrt dynamic wallet-client metadata negotiation.
Most OID4VP flows will use the request\_uri approach where the request object is fetched from the server.
In a basic authorisation request, Verifier presents its metadata \(as value or as reference via client\_metadata\). Wallet could send its metadata to the request\_uri endpoint and the server could generate a request that matches the Wallet requirements. Of course it is the server who defines the minimal requirements \(wallet should not be able to downgrade the config from a security point of view\)
Minimal assumption by the server would be the wallet authorisation endpoint.
More information about the Openid-specs-ab
mailing list