OpenID4VCI
4.1.3 examples are not consistent
Feedback from George Fletcher:
In 4.1.3 the credential offer examples are not self consistent:
GET /credential_offer HTTP/1.1
Host: server.example.com
openid-credential-offer://?
credential_offer_uri=https%3A%2F%2Fserver%2Eexample%2Ecom%2Fcredential-offer.json
One has the .json suffix, the other doesn't, and neither actually contains something random/unique as the spec recommends.
I was wondering if the issuer has to introduce something random/unique to the URI of a credential offer in case of a stateless offer.
That is, in an offer that uses authorization code grant without issuer_state.
I think there is a misunderstanding, and the examples in the issue should not be taken without the context and without the specification text around them.
The first example is what the wallet does when it receives a credential_offer_uri whose host name is server.example.com (which is btw the same as the second example, so it is consistent).
The second example in the issue simply shows that credential_offer_uri can be passed to the wallet using custom URL schemes.
I can do a PR clarifying the description of the second example and add randomness to the URI, but the rest is accurate IMO.
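To make concrete what "something random/unique in the URI" looks like in practice, here is an added example (not code from the specification, its authors, or this thread). It assumes an issuer that publishes offers under a path of the form https://<host>/credential-offer/<id>, where <id> is generated with a CSPRNG, and a wallet that refuses to dereference a credential_offer_uri that is not https or whose identifier is too short to be unguessable. The 22-character minimum (roughly 128 bits of base64url) is an assumed local policy, not a number from the specification.

```python
import secrets
from typing import Optional
from urllib.parse import urlencode, urlparse, parse_qs

SCHEME = "openid-credential-offer"
# Assumed policy, not a spec value: at least 22 base64url chars (~128 bits of entropy)
MIN_OFFER_ID_LEN = 22


def build_offer_uri(issuer_host: str, offer_id: Optional[str] = None) -> str:
    """Issuer side: wrap an https credential_offer_uri, whose last path segment is
    an unguessable identifier, in the custom-scheme URI handed to the wallet."""
    if offer_id is None:
        offer_id = secrets.token_urlsafe(32)  # 43 base64url characters from 32 random bytes
    # Assumed path layout; the spec does not mandate one.
    credential_offer_uri = f"https://{issuer_host}/credential-offer/{offer_id}"
    return f"{SCHEME}://?" + urlencode({"credential_offer_uri": credential_offer_uri})


def parse_offer_uri(uri: str) -> dict:
    """Wallet side: extract credential_offer_uri and reject offers that are not https
    or that carry no unguessable component in the last path segment."""
    outer = urlparse(uri)
    if outer.scheme != SCHEME:
        raise ValueError(f"unexpected scheme {outer.scheme!r}")
    values = parse_qs(outer.query).get("credential_offer_uri", [])
    if len(values) != 1:
        raise ValueError("exactly one credential_offer_uri parameter expected")
    inner = urlparse(values[0])
    if inner.scheme != "https":
        raise ValueError("credential_offer_uri must use https")
    offer_id = inner.path.rstrip("/").rsplit("/", 1)[-1]
    if len(offer_id) < MIN_OFFER_ID_LEN:
        raise ValueError("credential_offer_uri carries no unguessable component")
    return {
        "credential_offer_uri": values[0],
        "host": inner.netloc,
        "offer_id": offer_id,
    }


if __name__ == "__main__":
    uri = build_offer_uri("server.example.com")
    print(uri)
    print(parse_offer_uri(uri))
```

The wallet-side check only looks at the URI's shape; whether the offer is stateless or stateful on the issuer side is invisible to it, which is exactly why the unguessable identifier has to be in the URI itself rather than in issuer_state.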