OpenID4VP icon indicating copy to clipboard operation
OpenID4VP copied to clipboard
verified publisher icon openid

Question about encrypted responses

Open szmeti opened this issue 2 months ago • 1 comments

https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-8.3-7 shows an example of an ecrypted response, which is a JSON object. I am a little confused as to when this response format should be used.

The direct_post response_mode defines that the HTTP POST request to the Verifier must be encoded in the request body using the format defined by the application/x-www-form-urlencoded HTTP content type. In this case I would expect the wallet to send the JWE in the response parameter, but not as a JSON object, but as a x-www-form-urlencoded parameter as it is defined in https://openid.net/specs/openid-4-verifiable-presentations-1_0.html#section-8.3.1-4 for direct_post.jwt responses.

In which scenarios should the JSON Object format be used?

szmeti avatar Oct 14 '25 13:10 szmeti

I think this is likely a mistake in the example - I don't think there is a case when JSON object is used in this case. I think we should probably change the example to be form url encoded.

jogu avatar Oct 14 '25 19:10 jogu