From 2f1b807aa88fed542cf5b7b2f5426ac5a14f1f93 Mon Sep 17 00:00:00 2001
From: elisanp <elisa.nicolussi@tndigit.it>
Date: Tue, 6 May 2025 09:55:37 +0200
Subject: [PATCH] feat: configurable client id scheme

---
 example/satosa/pyeudiw_backend.yaml        | 1 +
 pyeudiw/openid4vp/authorization_request.py | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/example/satosa/pyeudiw_backend.yaml b/example/satosa/pyeudiw_backend.yaml
index a24cbe7bc..c4a1c1840 100644
--- a/example/satosa/pyeudiw_backend.yaml
+++ b/example/satosa/pyeudiw_backend.yaml
@@ -64,6 +64,7 @@ config:
   authorization:
     client_id: # this field if not set will be autopopulated using internal variables base_url and name using the following format: "<base_url>/<name>" 
     auth_iss_id: # this field if not set will be set to client_id in the authz request 
+    client_id_scheme: x509_san_dns
     url_scheme: haip
     scopes:
     - pid-sd-jwt:unique_id+given_name+family_name
diff --git a/pyeudiw/openid4vp/authorization_request.py b/pyeudiw/openid4vp/authorization_request.py
index 606c9448e..faa0b77aa 100644
--- a/pyeudiw/openid4vp/authorization_request.py
+++ b/pyeudiw/openid4vp/authorization_request.py
@@ -59,7 +59,7 @@ def build_authorization_request_claims(
         _iss = client_id
         
     claims = {
-        "client_id_scheme": "http",  # that's federation.
+        "client_id_scheme": authorization_config.get("client_id_scheme", "http"),
         "client_id": client_id,
         "response_mode": authorization_config.get(
             "response_mode", ResponseMode.direct_post_jwt