missing the query parameter client_id_scheme when issuing VP requests with X509_sans_dns client_id_scheme

[endimion]

https://github.com/EWC-consortium/ewc-wallet-conformance-backend/blob/staging/routes/verifierRoutes.js

5. Authorization Request

[endimion]

In HAIP profile it says that “client_id_scheme parameter MUST be present in the Authorization Request” https://openid.net/specs/openid4vc-high-assurance-interoperability-profile-sd-jwt-vc-1_0.html#section-5-1.6 but this is about Authorization request which is what you get as a response from request_uri

[endimion]

Additional input has been shared:

• client_id_scheme security considerations openid/OpenID4VP#124 [1]
• Change client_id_scheme to a prefix openid/OpenID4VP#263 [2]

[1] In the protocol, since the client_id_scheme parameter namespaces the client_id, it should appear everywhere where client_id appears :

Everywhere where a party checks a client id (especially the AS and the client), it must check the tuple (client_id, client_id_scheme) instead. This also applies if client_id_scheme is not used by one of the parties (in which case client_id_scheme must be replaced by, e.g., null).

[endimion]

In EWC we are currently only supporting OIDC4VP v18. So closing for now and might reopen if we move to a newer version of the spec.