OID4VC via JWT is never receiving the required nonce value #53
Comments
The original OID4VCI spec conflated the authorization server (AS) with the credential issuance server in a number of ways. This included having to modify an existing authorization server to send this

While some effort has been made to split the two entities better, some of these problems still exist today -- such as the idea that the AS sends this

Now, this particular package implements VC API workflows / exchanges which enable multiple delivery protocols to be run over them. To implement OID4VCI over VC API exchanges, it actually virtualizes both the AS and the credential issuance server to avoid anyone having to create and deploy these on their own and to smooth over any other issues arising from the OID4VCI approach. Somewhat ironically, this means we could technically update things here to send that nonce from the virtualized AS pretty easily, but we've heard that this
https://github.com/digitalbazaar/bedrock-vc-delivery/blob/main/lib/verify.js#L144
The JWT for DidProof is requiring that nonce is set to the exchange.id value to avoid throwing an error. However, this value is not communicated as part of the initial token request response.

It looks like you send it upon a failed request when a proof isn't provided but it feels like it should also be included on the initial request too.
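The behaviour described in this issue, as an added example that is not part of the original issue or of bedrock-vc-delivery's own code: a simplified issuer check that requires the proof JWT's nonce to equal exchange.id, and a wallet that has to send one proof-less request to learn that value. The key pair, exchange id, DID and URL are constructed; the error code and the `c_nonce` field name follow the OID4VCI drafts and are assumptions about this package, and the issuer here is handed the public key directly instead of resolving it from the DID.

```javascript
const nodeCrypto = require('node:crypto');

const enc = obj => Buffer.from(JSON.stringify(obj)).toString('base64url');
const dec = seg => JSON.parse(Buffer.from(seg, 'base64url').toString('utf8'));

// Wallet side: sign a DID proof JWT bound to the nonce the issuer expects.
function createDidProofJwt({privateKey, kid, aud, nonce}) {
  const header = {alg: 'EdDSA', typ: 'openid4vci-proof+jwt', kid};
  const payload = {aud, iat: Math.floor(Date.now() / 1000), nonce};
  const signingInput = `${enc(header)}.${enc(payload)}`;
  const sig = nodeCrypto.sign(null, Buffer.from(signingInput), privateKey);
  return `${signingInput}.${sig.toString('base64url')}`;
}

// Issuer side (simplified model; aud and iat checks omitted): accept only a
// proof whose signature verifies and whose nonce equals exchange.id. Any
// other request gets an error that carries the nonce to use.
function handleCredentialRequest({exchange, publicKey, proofJwt}) {
  const retry = {status: 400, error: 'invalid_or_missing_proof',
    c_nonce: exchange.id};
  if(!proofJwt) return retry;
  const [h, p, s] = proofJwt.split('.');
  if(!h || !p || !s) return retry;
  const ok = nodeCrypto.verify(null, Buffer.from(`${h}.${p}`), publicKey,
    Buffer.from(s, 'base64url'));
  if(!ok || dec(p).nonce !== exchange.id) return retry;
  return {status: 200, credential: '<constructed placeholder>'};
}

// Wallet flow as the issue describes it: the token response carries no nonce,
// so the first credential request goes out without a proof just to learn it.
function runWalletFlow({exchange, keyPair, kid, aud}) {
  const send = proofJwt => handleCredentialRequest(
    {exchange, publicKey: keyPair.publicKey, proofJwt});
  const first = send(undefined);
  const proofJwt = createDidProofJwt(
    {privateKey: keyPair.privateKey, kid, aud, nonce: first.c_nonce});
  return {first, second: send(proofJwt)};
}

// Constructed sample values.
const keyPair = nodeCrypto.generateKeyPairSync('ed25519');
const exchange = {id: 'z19constructedExchangeId'};
const kid = 'did:example:wallet#key-1';
const aud = 'https://issuer.example/exchanges/z19constructedExchangeId';
const flow = runWalletFlow({exchange, keyPair, kid, aud});
const guessed = handleCredentialRequest({exchange, publicKey: keyPair.publicKey,
  proofJwt: createDidProofJwt(
    {privateKey: keyPair.privateKey, kid, aud, nonce: 'guessed-value'})});
console.log(flow.first.status, flow.second.status, guessed.status);
```

A correctly signed proof with any other nonce is rejected the same way as a missing proof, so a wallet that only has the token response always pays the extra round trip.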