add randomness to the credential_offer_uri #336

Merged
merged 3 commits into from
Jun 12, 2024
Changes from 1 commit
7 changes: 4 additions & 3 deletions openid-4-verifiable-credential-issuance-1_0.md
Expand Up @@ -378,7 +378,7 @@ openid-credential-offer://?credential_offer=%7B%22credential_issuer%22:%22https:

### Sending Credential Offer by Reference Using `credential_offer_uri` Parameter

Upon receipt of the `credential_offer_uri`, the Wallet MUST send an HTTP GET request to URI to retrieve the referenced Credential Offer Object, unless it is already cached, and parse it to recreate the Credential Offer parameters.
Upon receipt of the `credential_offer_uri`, the Wallet MUST send an HTTP GET request to the URI to retrieve the referenced Credential Offer Object, unless it is already cached, and parse it to recreate the Credential Offer parameters.

Note: The Credential Issuer SHOULD use a unique URI for each Credential Offer utilizing distinct parameters, or otherwise prevent the Credential Issuer from caching the `credential_offer_uri`.
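
Review bot: The context Note just below the changed sentence appears to name the wrong party in "prevent the Credential Issuer from caching the `credential_offer_uri`": the changed sentence has the Wallet skipping the GET when the object "is already cached", so the cache to defeat is the Wallet's. Suggest "or otherwise prevent the Wallet from caching the `credential_offer_uri`". Given the PR title, this Note is also the natural place to say whether the distinguishing part of the URI should be unpredictable; it currently asks only for "a unique URI".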

Expand All @@ -393,11 +393,12 @@ The response from the Credential Issuer that contains a Credential Offer Object

This ability to pass the Credential Offer by reference is particularly useful for large requests.

Below is a non-normative example of the Credential Offer displayed by the Credential Issuer as a QR code when the Credential Offer is passed by reference:
When the Credential Offer is passed by reference, the Credential Offer can be displayed by the Credential Issuer as a QR code. Below is a non-normative example:

```
openid-credential-offer://?
credential_offer_uri=https%3A%2F%2Fserver%2Eexample%2Ecom%2Fcredential-offer.json
%2FGkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM
```

Below is a non-normative example of a response from the Credential Issuer that contains a Credential Offer Object used to encourage the Wallet to start an Authorization Code Flow:
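
Review bot: The added line `%2FGkurKxf5T0Y-mnPFCHqWOMiZi4VS138cQO_V7PZHAdM` in the example is not explained anywhere in this hunk, so a reader cannot tell that it is meant as a per-offer value rather than part of a fixed path. Suggest one sentence before the example stating that the final path segment is unique to each Credential Offer, and consider whether it should follow `credential-offer.json`, since the result reads as a file name followed by a subpath. In the rewritten lead-in, "the Credential Offer" appears twice in one clause; "it can be displayed by the Credential Issuer as a QR code" would read more cleanly.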
Expand Down Expand Up @@ -1617,7 +1618,7 @@ Wallet reacts to a Credential Offer. An attacker may send Credential Offers usin
custom URL schemes or claimed https urls, see if the
Wallet reacts (e.g., whether the wallet retrieves Credential Issuer metadata hosted by an
attacker's server), and, therefore, learn which Wallet is installed. To avoid this, the Wallet SHOULD
require user interaction or establish trust in the Issuer before fetching any `credential_offer_uri `
require user interaction or establish trust in the Issuer before fetching any `credential_offer_uri`
or acting on the received Credential Offer.

## Untrusted Wallets
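
Review bot: The context lines of this paragraph still carry two inconsistencies that could be fixed alongside the trailing-space removal in the `credential_offer_uri` code span: "claimed https urls" should read "claimed HTTPS URLs", and "whether the wallet retrieves" uses lowercase "wallet" where the rest of the paragraph uses the defined term "Wallet".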