OpenID4VP
JSON encoded requests instead of form encoded requests
Direct post and Request URI POST requests are both form encoded. It was suggested to instead use a JSON encoded payload. Let's discuss.
I suggest using JSON for new APIs. To me Token Request uses form url-encoding due to legacy reasons, but we don't do that for credential request either, so I don't see a reason to do it for the POST request_uri.
Would you suggest we change this for the direct post request, too?
That's a very good question. Direct post actually seems to just send the authorisation response over POST instead of GET, so mimicking seems more reasonable.
In the case of request URI, we are actually sending new data that is not defined in RFC9101, so deviating here seems more justified. This is also why I believe this is kind of a new command and I wouldn't call the parameter request_uri_method to indicate the support for it.
I wouldn't call the parameter request_uri_method to indicate the support for it.
Are you suggesting to rename request_uri_method parameter name? What's your alternative?
Is the main motivation for this change aesthetics? Don't think this has come up as feedback from various interoperability events. This would be a big breaking change, pretty late in the specification lifecycle without a significant technical gain (from what I can tell, but I might be wrong). Suggest we close this issue.
+1 to what Kristina said. I wouldn't break this now.
I would agree, especially as the DC API is all in JSON. Although I couldn't really find this as normative text in the spec. Are we missing something here?
Although I couldn't really find this as normative text in the spec. Are we missing something here?
If I understood you correctly, I think we wanted to leave definitions of how to express protocol requests to W3C specification?
I ask: where do we say that the content of DC API request is JSON encoded?
It was also suggested to not change this.
I would raise sustained opposition if we were to make this change.
I'm also in favour of not making this change.
There does not seem to be any support to make this change. Closing in a week unless objections are raised.
I ask: where do we say that the content of DC API request is JSON encoded?
Somewhat late response, but we don't state this. DC API is not JSON encoded; it's a JavaScript object that is defined by the DC API spec.
Then should we state this or is it obvious enough?