
Wallet notifying the Issuer of (un)successful issuance of credential(s) #70

Merged
merged 61 commits into from
Dec 22, 2023


@Sakurann Sakurann commented Sep 7, 2023

Resolves #32. migrates PR608 from bitbucket.

need to agree how the wallet specifies about which credential it is talking

@Sakurann Sakurann changed the title * callback_endpoint: OPTIONAL. URL of the Credential Issuer's Callback Endpoint as defined in (#callback_endpoint). This URL MUST use the https scheme and MAY contain port, path, and query parameter components. If omitted, the Credential Issuer does not support the Callback Endpoint. Wallet notifying the Issuer of acceptance/rejection of issued credential Sep 7, 2023
Co-authored-by: Giuseppe De Marco <[email protected]>

Sakurann commented Sep 28, 2023

two options on the table discussed during the call:

  1. callback includes full credentials that the wallet successfully accepted. feels weird sending PII over the wire extra time - what if callback_endpoint is compromised...
  2. credential response returns an identifier for this purpose (an identifier before credential is issued (PR add identifiers for issuing credential of the same type, different content #65) is different from an identifier after credential is issued - cc @pmhsfelix), which the wallet can include in the callback.

@Sakurann

personally, I like option 2 much more. it adds (yet another) identifier, but still feels better than sending an entire credential...


bc-pi commented Sep 28, 2023

> personally, I like option 2 much more. it adds (yet another) identifier, but still feels better than sending an entire credential...

I like option 2 too. As long as confusion about identifiers can be avoided.


Sakurann commented Sep 29, 2023

thinking more about it, I think there is confusion about which state we are talking about. I was talking about issuer_state that the issuer passes in the credential_offer, not the state that the wallet sends in the authorization request.

There is no guarantee that the issuer_state generated by the credential Issuer is known by the AS, so the issuer_state passed in the credential offer by the credential issuer should be passed not in the authorization request, but in the credential request going to the credential issuer.


Sakurann commented Sep 29, 2023

to solve how to identify the status of each credential when more than one credential was issued, I added an option to return callback_id from credential endpoint and batch credential endpoint, which wallet needs to put in the callback. so callback depends on the issuer returning a callback_id, which should be fine.

@@ -1191,29 +1193,115 @@ Cache-Control: no-store
}
```

# Notification Endpoint {#notification_endpoint}

This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return the `notification_id` in the Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Support for this endpoint is OPTIONAL.
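
Review bot: "certain events" in the first sentence of the Notification Endpoint paragraph is left undefined, and the same paragraph writes both "this Endpoint" and "this endpoint" while "Credential Issuer" and "Wallet" keep defined-term capitalization. Suggest naming the events here, or pointing to where they are defined, and using one casing for the defined terms throughout the paragraph.
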
Member

Suggested change
This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return the `notification_id` in the Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Support for this endpoint is OPTIONAL.
This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued Credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return the `notification_id` in the Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Support for this endpoint is OPTIONAL.

@peppelinux peppelinux left a comment


Few editorials still to be applied, overall approved. Thx!

@Sakurann Sakurann added this to the ID-1 milestone Dec 21, 2023
* `invalid_notification_id`: The `notification_id` in the Notification Request was invalid.
* `invalid_notification_request`: The Notification Request is missing a required parameter, includes an unsupported parameter or parameter value, repeats the same parameter, or is otherwise malformed.

It is at the discretion of the Wallet whether to retry the request or not.
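
Review bot: the `invalid_notification_id` entry says only that the value "was invalid", which leaves open whether an unknown id, an id that was already used, and an id presented by a Wallet other than the one it was returned to all map to this code. Suggest listing the cases it covers, so that Issuers answer them uniformly and Wallets can tell from the code alone what went wrong.
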
Contributor

We're now saying this in two different places (line 1206 as well). We should only say it in one place.

I do not think we should encourage or even allow the wallet to retry for a permanent failure, for example I don't think invalid_notification_id or invalid_notification_request should ever be retried.
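
An added sketch, not part of the PR or of the specification text, of option 2 from the discussion above together with the retry concern in the preceding comment: the Issuer hands out one opaque `notification_id` per credential, so no credential content travels in the notification, and the Wallet treats the two listed error codes as permanent. The `event` parameter and its values, the HTTP status codes, the binding to the access token, and all class and function names are assumptions made for this example.

```python
import secrets

# Error codes as listed in the spec text under review.
PERMANENT_ERRORS = {"invalid_notification_id", "invalid_notification_request"}
# Assumption: parameter name "event" and these values are illustrative only.
EVENTS = {"credential_accepted", "credential_failure", "credential_deleted"}


class Issuer:
    """Toy in-memory Issuer; binds each notification_id to one credential."""

    def __init__(self):
        self._ids = {}    # notification_id -> (access_token, credential_ref)
        self.status = {}  # credential_ref -> last reported event

    def issue(self, access_token, credential_refs):
        """Return one opaque, unguessable notification_id per issued credential."""
        out = {}
        for ref in credential_refs:
            nid = secrets.token_urlsafe(16)
            self._ids[nid] = (access_token, ref)
            out[ref] = nid
        return out

    def notify(self, access_token, body):
        """Handle a notification; returns (http_status, error_code_or_None)."""
        # Reject missing, extra or unsupported parameters before any lookup.
        if set(body) != {"notification_id", "event"} or body["event"] not in EVENTS:
            return 400, "invalid_notification_request"
        bound = self._ids.get(body["notification_id"])
        # An unknown id and an id bound to another token get the same answer,
        # so the response does not reveal which ids exist.
        if bound is None or not secrets.compare_digest(bound[0], access_token):
            return 400, "invalid_notification_id"
        self.status[bound[1]] = body["event"]
        return 204, None


def wallet_should_retry(http_status, error):
    """Retry only transient failures; the two listed error codes are permanent."""
    if error in PERMANENT_ERRORS:
        return False
    return http_status >= 500
```
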

@tlodderstedt tlodderstedt left a comment


looks good now, I just requested two small changes

@@ -1191,29 +1193,115 @@ Cache-Control: no-store
}
```

# Notification Endpoint {#notification_endpoint}

This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return the `notification_id` in the Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Support for this endpoint is OPTIONAL.
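
Review bot: the Notification Endpoint paragraph makes the endpoint usable once the Wallet holds a `notification_id`, but it does not say how the Credential Issuer authenticates the caller or ties the `notification_id` to the issuance it came from. Suggest stating here, or by reference to the section that does, what the Notification Request must carry and that a `notification_id` is only accepted from the Wallet it was returned to.
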
Collaborator

Suggested change
This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return the `notification_id` in the Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Support for this endpoint is OPTIONAL.
This endpoint is used by the Wallet to notify the Credential Issuer of certain events for issued credentials. These events enable the Credential Issuer to take subsequent actions after issuance. The Credential Issuer needs to return one or more notification ids in a Credential Response or a Batch Credential Response for the Wallet to be able to use this Endpoint. Every notification id is related to exactly one issued Credential. Support for this endpoint is OPTIONAL.

Collaborator Author

Doesn't this belong in the definition of "notification_id" itself?

Co-authored-by: Giuseppe De Marco <[email protected]>
Co-authored-by: Torsten Lodderstedt <[email protected]>
@tlodderstedt tlodderstedt left a comment


lgtm - please approve my editorial suggestion before merging

@Sakurann Sakurann requested a review from jogu December 22, 2023 22:58
@Sakurann Sakurann merged commit 7210c6b into main Dec 22, 2023
2 checks passed

Successfully merging this pull request may close these issues.

OID4VCI - Notification of acceptance/rejection of issued credential