You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Currently in this project, in the opanid4vp flow we provide support exclusively for direct_post.jwt encrypted authorization response (accordingly with italian specs).
It appears that, as of today, the only authorization response mode supported in Potential interoperability D2.2 is the (unecrnytped) direct_post mode.
It is not clear if or when this requirement will be relaxed to also include encrypted direct_post.jwt mode, hence if we want to comply with interoperability goals we might need to support direct_post mode and provide configurations in order to enable it.
I think that no immediate action is required, but I still want to highlighting this fact so that one day we are ready to develope this feature if its necessity actually emerges.
The text was updated successfully, but these errors were encountered:
@Zicchio the solution for a proper interoperability is to always encryopt the response if the RP provide the public keys intended fro the encryption usage
the normative language in the italian specs should mandate the RP to have encryption JWKs in their metadata, while wallet units should try to encrypt if the rp allow them to do so
for our implementation we therefore newed to do encryption if the RP provide the public enc material suitable for this
So, if I understand correctly, we require that the authorization response MUST be encrypted IF AND ONLY IF the relying party has a configured (public) encryption key.
After a discussion, the approach on how to solve this problem has changed. Instead, we support both. To do so, make inference on the response body (giving priority to jwt) in this block of code
Currently in this project, in the opanid4vp flow we provide support exclusively for
direct_post.jwt
encrypted authorization response (accordingly with italian specs).It appears that, as of today, the only authorization response mode supported in Potential interoperability D2.2 is the (unecrnytped)
direct_post
mode.It is not clear if or when this requirement will be relaxed to also include encrypted
direct_post.jwt
mode, hence if we want to comply with interoperability goals we might need to supportdirect_post
mode and provide configurations in order to enable it.I think that no immediate action is required, but I still want to highlighting this fact so that one day we are ready to develope this feature if its necessity actually emerges.
The text was updated successfully, but these errors were encountered: