
OID4VC via JWT is never receiving the required nonce value #53

Open
davemajor opened this issue Nov 7, 2023 · 1 comment

Comments

@davemajor

davemajor commented Nov 7, 2023

https://github.com/digitalbazaar/bedrock-vc-delivery/blob/main/lib/verify.js#L144

The JWT for DidProof is requiring that nonce is set to the exchange.id value to avoid throwing an error. However, this value is not communicated as part of the initial token request response.

It looks like you send it upon a failed request when a proof isn't provided, but it feels like it should also be included in the initial request.

@dlongley (Member) commented

The original OID4VCI spec conflated the authorization server (AS) with the credential issuance server in a number of ways. This included having to modify an existing authorization server to send this nonce that was intended to be tracked and used by the credential issuance server. This required the two to share state and be aware of the authenticity of nonces (those that actually came from the AS and that weren't just generated by the client) or for the two entities to just be the same thing -- defeating architectural reuse scenarios. IOW, you could not "just add" a credential issuance server to an existing OAuth-style deployment and reuse an AS; changes to the AS software were also necessary or a new deployment required anyway.

While some effort has been made to split the two entities better, some of these problems still exist today -- such as the idea that the AS sends this nonce when it's entirely up to the credential issuer to track and verify a signature over it, etc. It's not a requirement of the spec for the AS to send a nonce; it's optional. However, the credential issuance server is required to send a nonce in an error response to the client if the client does not provide a DID proof when requesting a VC (if such a proof is required). This feature of the credential issuance server is implemented here in this package -- and clients are required to implement the other side of it as well. This covers the DID proof case here, just with an additional request.

Now, this particular package implements VC API workflows / exchanges which enable multiple delivery protocols to be run over them. To implement OID4VCI over VC API exchanges, it actually virtualizes both the AS and the credential issuance server to avoid anyone having to create and deploy these on their own and to smooth over any other issues arising from the OID4VCI approach.

Somewhat ironically, this means we could technically update things here to send that nonce from the virtualized AS pretty easily, but we've heard that this nonce approach may be changing in OID4VCI anyway to better improve the decoupling for systems that don't or can't do this. Therefore, we're taking a wait-and-see approach as to whether it's worth adding this -- as it's essentially an architectural / layering violation -- and one that isn't needed anyway, as both the client and the credential issuance server must already be able to do what is implemented today with the "provide the nonce in the error" mechanism.
