Given our latest proposal for nonce fetching for Wallet Attestation, we propose to have a nonce endpoint for the Authorization Server in OpenID4VCI. Our reasoning:
- we already have a nonce endpoint for the Credential Issuer
- we can use the nonce endpoint at the AS to get nonces for wallet attestation before calling the PAR endpoint
- we can also fetch DPoP nonces at the AS, which would bring us on par with the pending PR "Add DPoP Nonce to Nonce Endpoint" (#478)
- if the AS and the Credential Issuer are the same, they can have a merged nonce endpoint
- in the long run extract the ideas from OpenID4VCI and Attestation-Based Client Authentication into a dedicated OAuth Draft in backwards-compatible fashion?