Add one more option to invalid_request if none of the valid options is provided #101

Merged
merged 4 commits into from
Feb 27, 2024

Contributor

@awoie awoie commented Feb 12, 2024

This PR does:

This PR is non-breaking since we already have the requirement that one of the options must be present.

@awoie awoie requested review from danielfett, jogu, Sakurann and selfissued and removed request for danielfett February 12, 2024 14:55
@awoie awoie changed the title fix: addes one more option to invalid_request where at least one opti… Add one more option to invalid_request Feb 12, 2024
@awoie awoie changed the title Add one more option to invalid_request Add one more option to invalid_request if none of the valid options is provided Feb 12, 2024
@@ -659,7 +659,7 @@ The error response follows the rules as defined in [@!RFC6749], with the followi

`invalid_request`:

- The request contains more than one out of the following three options to communicate a requested Credential: a `presentation_definition` parameter, a `presentation_definition_uri` parameter, or a scope value representing a Presentation Definition.
- The request contains none or more than one out of the following three options to communicate a requested Credential: a `presentation_definition` parameter, a `presentation_definition_uri` parameter, or a scope value representing a Presentation Definition.
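Review bot: "none or more than one" in the changed bullet joins two separate conditions under one error, and as worded a request that carries none of the three options is `invalid_request` unconditionally, with no reference to the response type in use. Consider splitting it into two bullets, one for "more than one" and one for "none" that states when the absence of all three is an error, so an implementer can tell whether both are required checks.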
Collaborator

We may want to make it clearer that a wallet isn't required to return an error in the 'none of' case (but is required to return an error in the "more than one" case). [As the wallet may support other protocols, e.g. SIOPv2]

Contributor Author

In the context of OpenID4VP it is required to provide one of the options, otherwise it is not an OpenID4VP request. Especially, I would expect an error if response_type is vp_token. I agree that for response_type code, the situation is different. If the request is also a SIOPv2 request using vp_token id_token, then I would still expect an error.

Contributor Author

@awoie awoie Feb 12, 2024

Perhaps we should think about a dedicated scope value that clearly defines that the request is an OpenID4VP request? This would be only required for response_type code though.

Contributor Author

I updated the language in the PR. Would you agree with the new language @jogu ?

@awoie awoie requested a review from jogu February 12, 2024 16:34
Collaborator

@Sakurann Sakurann left a comment

vp_token response type is not mandatory when response type is code. Also, why none or more? One of these three options has to be provided for the wallet to know what credential is being requested.

Contributor Author

awoie commented Feb 13, 2024

> vp_token response type is not mandatory when response type is code. Also, why none or more? One of these three options has to be provided for the wallet to know what credential is being requested.

The paragraph is about raising an error in case none or more than one option is provided. I agree that there is an exception for response_type code. That is why I added the "The request uses the vp_token Response Type and contains none or more than one out of ... " which should read: (vp_token and none) or (>1 options) -> error. I could probably rephrase this.

Contributor Author

awoie commented Feb 13, 2024

> vp_token response type is not mandatory when response type is code. Also, why none or more? One of these three options has to be provided for the wallet to know what credential is being requested.

The paragraph is about raising an error in case none or more than one option is provided. I agree that there is an exception for response_type code. That is why I added the "The request uses the vp_token Response Type and contains none or more than one out of ... " which should read: (vp_token and none) or (>1 options) -> error. I could probably rephrase this.

Does this now make sense? @Sakurann
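
The condition described in the comments above, `(vp_token and none) or (>1 options) -> error`, written out as a wallet-side check. This is an added example, not part of the PR or the specification text; the scope value in `PD_SCOPES` and the sample requests in the comments are constructed, and rejecting repeated parameters follows RFC 6749.

```python
from urllib.parse import parse_qs

# Assumption: scope values this wallet maps to a Presentation Definition.
# The name below is constructed; real values come from the wallet or a profile.
PD_SCOPES = {"com.example.identity_credential_presentation"}


def count_credential_request_options(params):
    """Count how many of the three ways to request a Credential are present."""
    scopes = set(params.get("scope", "").split())
    return sum([
        "presentation_definition" in params,
        "presentation_definition_uri" in params,
        bool(scopes & PD_SCOPES),
    ])


def check_request(query):
    """Return 'invalid_request' or None for a raw authorization request query."""
    # keep_blank_values: an empty parameter still counts as present
    parsed = parse_qs(query, keep_blank_values=True)
    # RFC 6749: request parameters must not be included more than once
    if any(len(values) > 1 for values in parsed.values()):
        return "invalid_request"
    params = {name: values[0] for name, values in parsed.items()}
    # response_type is a space-delimited set, e.g. "vp_token id_token"
    response_types = set(params.get("response_type", "").split())
    options = count_credential_request_options(params)
    if options > 1:
        return "invalid_request"  # ambiguous: which Credential is requested?
    if options == 0 and "vp_token" in response_types:
        return "invalid_request"  # vp_token asked for, nothing says what to present
    return None  # e.g. response_type=code with none of the options is not flagged


# Constructed sample: check_request("response_type=vp_token&client_id=x")
# is flagged, while "response_type=code&scope=openid" is not.
```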

Co-authored-by: Joseph Heenan <[email protected]>
@Sakurann Sakurann requested a review from jogu February 27, 2024 20:31
@Sakurann Sakurann merged commit ad71df9 into main Feb 27, 2024
2 checks passed
Successfully merging this pull request may close these issues.

Option missing for non-valid OpenID4VP requests