Skip to content

remove use of the authorization_pending and slow_down error codes #314

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
May 17, 2024
Merged

remove use of the authorization_pending and slow_down error codes #314

merged 2 commits into from
May 17, 2024

Conversation

@bc-pi
Copy link
Member

@bc-pi bc-pi commented May 6, 2024
edited by Sakurann
Loading

per issue #60

@bc-pi bc-pi linked an issue May 6, 2024 that may be closed by this pull request
Lifetime of an Authorization Code / Pre-Authorized Code #60
Closed
@awoie
Copy link
Contributor

awoie commented May 16, 2024

I was wondering how we would support the following use case if we remove authorization_pending. In some cases, the AS cannot make an immediate decision on the authz request because some human intervention is needed for a final decision even though the initial credentials the user provided were successfully verified. I assume we could do that via deferred issuance, right? In that case, I was wondering what would be the error code in the credential response in case the issuer made a negative decision? Currently, I cannot see a error code that would fit. Should we add a new one?

@jogu
Copy link
Contributor

jogu commented May 17, 2024

@awoie

I was wondering how we would support the following use case if we remove authorization_pending. In some cases, the AS cannot make an immediate decision on the authz request because some human intervention is needed for a final decision even though the initial credentials the user provided were successfully verified. I assume we could do that via deferred issuance, right? In that case, I was wondering what would be the error code in the credential response in case the issuer made a negative decision? Currently, I cannot see an error code that would fit. Should we add a new one?

That's all correct, yes. I think the new error code defined here might cover it: #321 ?

@jogu
Copy link
Contributor

jogu commented May 17, 2024

I think we're ready to merge this now - it's been discussed on several working group calls and there were no objections raised based on the notification send to the mailing list a month ago: https://lists.openid.net/pipermail/openid-specs-digital-credentials-protocols/Week-of-Mon-20240415/000278.html

@bc-pi would you mind resolving the trivial conflict please?

@awoie
Copy link
Contributor

awoie commented May 17, 2024

@awoie

I was wondering how we would support the following use case if we remove authorization_pending. In some cases, the AS cannot make an immediate decision on the authz request because some human intervention is needed for a final decision even though the initial credentials the user provided were successfully verified. I assume we could do that via deferred issuance, right? In that case, I was wondering what would be the error code in the credential response in case the issuer made a negative decision? Currently, I cannot see an error code that would fit. Should we add a new one?

That's all correct, yes. I think the new error code defined here might cover it: #321 ?

Yes, that would cover it. Thanks.

@bc-pi
Copy link
Member Author

bc-pi commented May 17, 2024

@bc-pi would you mind resolving the trivial conflict please?

done!

@jogu
Copy link
Contributor

jogu commented May 17, 2024

Thanks Brian! I'll merge this then as per my previous comment.

@jogu jogu merged commit 495c620 into main May 17, 2024
@tomdaffurn tomdaffurn mentioned this pull request Jul 26, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jogu jogu jogu approved these changes

@c2bo c2bo c2bo approved these changes

@paulbastian paulbastian paulbastian approved these changes

@awoie awoie awoie approved these changes

@Sakurann Sakurann Sakurann approved these changes

@danielfett danielfett Awaiting requested review from danielfett

@tlodderstedt tlodderstedt Awaiting requested review from tlodderstedt

@pmhsfelix pmhsfelix Awaiting requested review from pmhsfelix

@tplooker tplooker Awaiting requested review from tplooker

@fabian-hk fabian-hk Awaiting requested review from fabian-hk

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Lifetime of an Authorization Code / Pre-Authorized Code

7 participants

@bc-pi @awoie @jogu @c2bo @paulbastian @Sakurann