Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add clause preventing web-origin: scheme from being used in regular requests #384

Closed
danielfett opened this issue Jan 17, 2025 · 0 comments · Fixed by #387
Closed

Add clause preventing web-origin: scheme from being used in regular requests #384

danielfett opened this issue Jan 17, 2025 · 0 comments · Fixed by #387
Labels
has-PR
Milestone
Final 1.0

Comments

@danielfett
Copy link
Contributor

There should be something like

the Wallet MUST NOT accept the web-origin: client id scheme if the request is not sent via DC API"

somewhere in the text. Right now, the only requirement is that this scheme MUST NOT be used in the authorization request (not that it MUST NOT be accepted).
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
has-PR
Projects
None yet
Milestone
Final 1.0
Development

Successfully merging a pull request may close this issue.

client id scheme web-origin must not be used outside dc api openid/OpenID4VP
2 participants
@danielfett @Sakurann