Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

EWC RFC 001: Wrong order for resolving discovery endpoints #5

Closed
georgepadayatti opened this issue Feb 7, 2024 · 2 comments
Closed

EWC RFC 001: Wrong order for resolving discovery endpoints #5

georgepadayatti opened this issue Feb 7, 2024 · 2 comments
Assignees
@endimion
Labels
bug Something isn't working EWC RFC 001 Issue Verifiable Credential

Comments

@georgepadayatti
Copy link
Collaborator

At present the RFC mentions the holder wallet performs discovery in the following order:

  1. Resolves AS well-known endpoint (/.well-known/openid-configuration)
  2. Resolves credential issuer well-known endpoint (/.well-known/openid-credential-issuer)

Reference is given below:

eudi-wallet-rfcs/ewc-rfc001-issue-verifiable-credential.md

Lines 140 to 152 in 3a09351

Here, the holder wallet requests the issuer’s authorisation server configurations.
```http
GET https://server.example.com/.well-known/openid-configuration
```
Resolve `/.well-known/openid-configuration` endpoint for `credential_issuer` URI in the credential offer response. The holder wallets also sent the same request to get the issuer’s configurations.
```http
GET https://server.example.com/.well-known/openid-credential-issuer
```
Resolve `/.well-known/openid-credential-issuer` endpoint for `credential_issuer` URI in the credential offer response.

The above is wrong and propose the following order:

  1. Holder wallet obtains the credential_issuer endpoint from the credential offer and then resolves the credential issuer well-known endpoint.
  2. From the response, holder wallet obtains the AS endpoint and then resolves the AS well-known endpoint.
@georgepadayatti georgepadayatti added bug Something isn't working EWC RFC 001 Issue Verifiable Credential labels Feb 7, 2024
@georgepadayatti georgepadayatti mentioned this issue Feb 7, 2024
Closed
@endimion
Copy link
Collaborator

endimion commented Feb 7, 2024

ok, no problem in the OIDC spec is the other way around ... I assume this has to do with the fact that the OIDC spec provisions for mutiple AS server if I am not mistaken. So, you would fetch the openid-configuration after selecting which AS you want to used.. but I guess the ARF doesn't consider this case? If this is so lets close this @georgepadayatti plz :)

@georgepadayatti
Copy link
Collaborator Author

georgepadayatti commented Feb 7, 2024
edited
Loading

ok, no problem in the OIDC spec is the other way around ... I assume this has to do with the fact that the OIDC spec provisions for mutiple AS server if I am not mistaken. So, you would fetch the openid-configuration after selecting which AS you want to used.. but I guess the ARF doesn't consider this case? If this is so lets close this @georgepadayatti plz :)

Your earlier observation is correct. First credential issuer well-known endpoint is resolved as its present in credential offer and then AS well-known endpoint.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@endimion endimion

Labels
bug Something isn't working EWC RFC 001 Issue Verifiable Credential
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@endimion @georgepadayatti