Joseph Heenan
Joseph Heenan
https://github.com/openid/authzen/tree/main/api contains a weird assortment of files to the point that when I was thinking to make a PR to fix one of the issues I was I got highly...
This WG seems to use a different toolchain to other OIDF WGs - can you add instructions on how to build the spec to README.md please? Doesn't need to go...
The formatting of the bullet list here is broken: https://openid.net/specs/authorization-api-1_0-01.html#section-7.1.3 (Experience suggests it's probably a missing blank link before or after the list, but there could be another cause)
https://www.rfc-editor.org/rfc/rfc9101.html defines a `typ` value to be used in the header of request objects, `oauth-authz-req+jwt`, but doesn't go as far as requiring it to be used, offering various cases where...
The browser API appendix currently says: > The client_id parameter MUST be omitted in unsigned requests defined in I think it'd be helpful to specify the behaviour the wallet needs...
This is split out from https://github.com/openid/OpenID4VP/issues/219 : > For item 3 "what if verifier wants to pass multiple trust models, hoping one is supported by the wallet?" > > This...
https://openid.net/specs/openid-4-verifiable-presentations-1_0-ID2.html#name-response says: > If the Response Type value is code (Authorization Code Grant Type), the VP Token is provided in the Token Response. (and has a similar entry in the...
https://github.com/openid/OpenID4VP/issues/182 and https://github.com/openid/OpenID4VP/issues/189 both propose solutions to an underlying problem - that ecosystems / trust frameworks want to have some way to restrict the credentials and claims within those credentials...
https://drafts.oauth.net/oauth-v2-1/draft-ietf-oauth-v2-1.html#section-7.11 says: > A code injection attack occurs when an input or otherwise external variable is used by an application unsanitized and causes modification to the application logic. This may...
https://github.com/openid/OpenID4VCI/pull/392 added an option for the AS to return credential_identifier when credentials are requested using scopes. It resulted in text like this: that seems to say the there's a `credential_identifiers`...