Enable direct_post* for x509_san_* without redirect_uri in the authz request #84

Merged
merged 9 commits into from
Feb 1, 2024
4 changes: 1 addition & 3 deletions openid-4-verifiable-presentations-1_0.md
Expand Up @@ -542,12 +542,10 @@ The Response Mode is defined in accordance with [@!OAuth.Responses] as follows:
The following new Authorization Request parameter is defined to be used in conjunction with Response Mode `direct_post`:

`response_uri`:
: OPTIONAL. MUST be present when the Response Mode `direct_post` is used. The Response URI to which the Wallet MUST send the Authorization Response using an HTTPS POST request as defined by the Response Mode `direct_post`. The Response URI receives all Authorization Response parameters as defined by the respective Response Type. When the `response_uri` parameter is present, the `redirect_uri` Authorization Request parameter MUST NOT be present. If the `redirect_uri` Authorization Request parameter is present when the Response Mode is `direct_post`, the Wallet MUST return an `invalid_request` Authorization Response error.
: OPTIONAL. MUST be present when the Response Mode `direct_post` is used. The Response URI to which the Wallet MUST send the Authorization Response using an HTTPS POST request as defined by the Response Mode `direct_post`. The Response URI receives all Authorization Response parameters as defined by the respective Response Type. When the `response_uri` parameter is present, the `redirect_uri` Authorization Request parameter MUST NOT be present. If the `redirect_uri` Authorization Request parameter is present when the Response Mode is `direct_post`, the Wallet MUST return an `invalid_request` Authorization Response error. The `response_uri` value MUST be a value that the client would be permitted to use as a redirect_uri when following the rules defined in (#client_metadata_management).

Note: The Verifier's component providing the user interface (Frontend) and the Verifier's component providing the Response URI (Response Endpoint) need to be able to map authorization requests to the respective authorization responses. The Verifier MAY use the `state` Authorization Request parameter to add appropriate data to the Authorization Response for that purpose, for details see (#implementation_considerations_direct_post).

Note: If the Client Identifier scheme `redirect_uri` is used in conjunction with the Response Mode `direct_post`, and the `response_uri` parameter is present, the `client_id` value MUST be equal to the `response_uri` value.

The following is a non-normative example of the payload of a Request Object with Response Mode `direct_post`:

```json
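Review bot: The sentence added at the end of the `response_uri` definition places a MUST on the value but does not say who enforces it or what happens when the check fails. The sentence just before it names the Wallet and the `invalid_request` error for a stray `redirect_uri`; this rule should do the same, for example by stating that the Wallet MUST validate `response_uri` against the rules of the Client Identifier scheme in use before sending the POST, and which error it returns otherwise. The Authorization Response is posted to this URI, so an unchecked value decides where the presentation ends up. This hunk also removes the Note requiring `client_id` to equal `response_uri` for the `redirect_uri` scheme, so please confirm that (#client_metadata_management) states that equality explicitly, since it is no longer visible here. Minor: `redirect_uri` in the new sentence is missing its backticks, and "the client" could read "the Verifier" to match the surrounding text.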