[OpenID4VCI] remove c_nonce from the token endpoint #183
Comments
In Italy we have implemented that for the wallet AS but not for the OIDC impl. I'm requirement driven and so I feel neutral about the solution; afaik the discussion could be moved towards having a PoP with DPoP/mTLS and removing c_nonce. While moving to DPoP/mTLS and leaving c_nonce optional would inflate the specs, we could use PoP just with DPoP, but at the same time making DPoP/mTLS mandatory will impact the token endpoint as well. In Italy we have implemented DPoP for the access token PoP and c_nonce for the jwk PoP to be used at the credential endpoint. Even if we use DPoP only without c_nonce, or c_nonce without DPoP, or these two together, the token endpoint response must then be extended for security reasons. Probably c_nonce was born to simplify things, considering DPoP more complex (even if more generalized and usable for different contexts). @asharif1990 WDYT?
From my point of view, I am in favor of keeping
Your thought fits perfectly with the specialization of different parameters for different purposes and I fully agree with you.
@peppelinux this issue is no longer applicable. I'm closing it.
Another breaking change is on the way
openid/OpenID4VCI#199