Dynamic credential request

[georgepadayatti]

This is regarding the implementation of the Section 5.1.5 Dynamic Credential Request. I am unsure if I should raise this question here or in OpenID4VP.

Dynamic credential request is for situations when an issuer requires verifications from the holder, before issuing the credential.

Here the issuer has alternating roles: issuer -> verifier -> issuer.

The verifier can specify direct_post as a way to receive the authorisation response containing the presentation submission. As per the OpenID4VP spec Section 6.2, it says the response endpoint after successfully processing the request must respond with 200 response. It may optionally contain a redirect_uri. If a redirect_uri is present, the wallet must redirect the user agent to that URI.

In the case of dynamic credential request, is it correct to understand the following:

Upon receiving the authorisation response, the verifier seizes being a verifier, therefore doesn't have to send a 200 response with/without redirect_uri and becomes an issuer and continues with the issuer flow of returning an authorisation response with 302 redirects containing code in query params

Is this the correct interpretation?

[c2bo]

Seems to be related to #360? I think some of the discussion and links provided there might help, especially this proposal https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/flows/Presentation-During-Issuance/.