-
Notifications
You must be signed in to change notification settings - Fork 14
Open
Description
The current IAE flow is missing two parts described in the OID4VCI spec:
- It is possible for interactive authorization to require multiple steps (e.g. first redirect_to_web, then openid4vc_presentation)
- It is possible for the redirect_to_web to result in an auth_session that should be used to continue the process (we currently assume it will include an auth code)
Should also take into account:
- Stuttgart 8: how does wallet determine which session if there are multiple? openid/OpenID4VCI#702 (comment)
- IAE redirect_to_web clarification, multiple use of PKCE_verifier ok? openid/OpenID4VCI#703
- Multiple interactive authorization types allowed for one flow / allow fallback? openid/OpenID4VCI#696
Reactions are currently unavailable
Metadata
Metadata
Assignees
Labels
No labels