Comments (2)
@babisRoutis Thank you for bringing this issue.
I guess that you are talking about the value of the cryptographic_binding_methods_supported
issuer metadata in the JSON returned from https://trial.authlete.net/.well-known/openid-credential-issuer.
Technically speaking, this is not an issue of java-oauth-server. It's an issue in the configuration of the credential issuer that is running on trial.authlete.net
.
If the value of the cryptographic_binding_methods_supported
issuer metadata is used to list the supported formats of keys in key proofs (not in verifiable credentials) (NOTE: As OpenID4VCI Issue 283 points out, this is not so clearly stated in the specification), another issue is raised. Although the "jwt Proof Type" section of the OID4VCI spec defines a method that utilizes the x5c
header parameter, the "Credential Issuer Metadata Parameters" section does not include a string constant that corresponds to x5c
.
from java-oauth-server.
Dear @TakahikoKawasaki
I guess that you are talking about the value of the
cryptographic_binding_methods_supported
issuer metadata in the JSON returned from https://trial.authlete.net/.well-known/openid-credential-issuer.
Indeed.
Technically speaking, this is not an issue of java-oauth-server. It's an issue in the configuration of the credential issuer that is running on
trial.authlete.net
.
That's clear
If the value of the
cryptographic_binding_methods_supported
issuer metadata is used to list the supported formats of keys in key proofs (not in verifiable credentials) (NOTE: As OpenID4VCI Issue 283 points out, this is not so clearly stated in the specification), another issue is raised. Although the "jwt Proof Type" section of the OID4VCI spec defines a method that utilizes thex5c
header parameter, the "Credential Issuer Metadata Parameters" section does not include a string constant that corresponds tox5c
.
I was about to comment on issue 283, that I find the definition of cryptographic_binding_methods_supported
confusing. 😄
Initially, I had the impression that, as you describe, it expresses the ways a key can be found inside the proof.
My current understanding though, exactly because x5c
was missing, is that it expresses the format of keys in the issued VC.
I guess it should be clarified in VCI spec.
from java-oauth-server.
Related Issues (7)
- Grant request instead of Implicit Flow + Walkthru HOT 3
- Incorrect 'aud' claim in access tokens HOT 5
- Link for Authlete Web APIs in the readme file is not working HOT 1
- Any plan to have a SDK or reference implementation for NodeJS?
- command " mvn jetty:run & " is fine for windows but in ubuntu 16 it is not working. HOT 2
- I tried to import project in eclipse but i got following errors in ubuntu 16 ,it works fine for windows HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from java-oauth-server.