101Coder101

> [@101Coder101](https://github.com/101Coder101) Thanks for raising these issues! To use your suggestions we need to confirm if you've signed an OIDF contribution agreement ( https://openid.net/intellectual-property/openid-foundation-contribution-agreements/ ) - could you drop an...

> The credential request sent from the verifier to the wallet is considered single use and contains a nonce; the verifier needs to check the nonce corresponds to the user...

Thank you for the reply. I have rechecked with the contents of oid4vp v1.0. These are the following relevant passages: > If the Response URI has successfully processed the Authorization...

Thank you for the clarification. A clarification would be helpful in this case. I assume the attack scenario I described is an additional attack next to the session fixation. The...