remove c_nonce from the token endpoint response
#381
Conversation
There was a problem hiding this comment.
I suggest to add a dedicated nonce endpoint to the credential issuer as replacement for the c_nonce token response parameter. Just removing the c_nonce will force wallets to try the credential issuance request in order to get a nonce in order to be able to create a proper nonce-bound proof of possession. That's complicated.
|
I think this is the previous issue about a nonce endpoint for wallet attestation that people were asking about on today's call: |
|
There has been a lot of discussion about this (and roughly mostly in favor of it) in recent months in #39 and also #331 and maybe elsewhere too. [edit: like https://github.com//issues/357 ] |
@tlodderstedt that's exactly what I had in mind when I started writing this draft: https://github.com/peppelinux/draft-demarco-oauth-nonce-endpoint?tab=readme-ov-file @jogu many of the conversations and points raised within the issue #71 was filtered and mentioned in the nonce endpoint draft |
…ue without the overhead of a full Credential Request
|
as requested, 074065b adds a dedicated nonce endpoint to the credential issuer as replacement for the c_nonce token response parameter |
There was a problem hiding this comment.
I would like to mandate nonce endpoint if the issuer requires the use of c_nonce, i.e. the presence of the endpoint enforces its usage, therefore we could get rid of sending fake ugly Credential requests to fetch a c_nonce completely.
Having this endpoint optional and no other indication of the issuer whether he requires c_nonce for proofs seems inefficient.
48a3678 updates the proposed text to do that. |
| @@ -710,6 +706,45 @@ Cache-Control: no-store | |||
| } | |||
| ``` | |||
|
|
|||
| # Nonce Endpoint {#nonce-endpoint} | |||
|
|
|||
| A Credential Issuer that requires `c_nonce` values to be incorporated into proofs in the Credential Request (see (#credential-request)) MUST offer a Nonce Endpoint. This endpoint allows a Client to acquire a fresh `c_nonce` value without the overhead of a full Credential Request. | |||
There was a problem hiding this comment.
improve readability
| A Credential Issuer that requires `c_nonce` values to be incorporated into proofs in the Credential Request (see (#credential-request)) MUST offer a Nonce Endpoint. This endpoint allows a Client to acquire a fresh `c_nonce` value without the overhead of a full Credential Request. | |
| This endpoint allows a Client to acquire a fresh `c_nonce` value without the overhead of a full Credential Request. A Credential Issuer that requires `c_nonce` values to be incorporated into proofs in the Credential Request (see (#credential-request)) MUST offer a Nonce Endpoint. |
but also do we really want to mandate nonce endpoint for all issuers that require c_nonce? than why keep an option to return c_nonce in credential response?
There was a problem hiding this comment.
was trying to keep the scope of the changes to something that had been agreed on while also accommodating Paul's request for changes
There was a problem hiding this comment.
while also keeping my own frustration in check about the fact that these are all things that were only hidden by the nonce from token endpoint but have existed all along so why do they always and only come up in the context of trying to make an improvement
There was a problem hiding this comment.
Also removing the ability to have send a c_nonce in the credential response would probably be a breaking change by most measures and it's unclear if the WG has the appetite for that.
Co-authored-by: Kristina <[email protected]>
fair questions that i guess should be discussed in the WG |
There was a problem hiding this comment.
I like the current direction.
If we keep things as-is, we can completely delete the chapter 7.3.2 as the nonce endpoint is doing the job and all other details are already covered in the main section of Credential Response
Noting that removing the ability to have send a c_nonce in the credential response would probably be a breaking change by most measures. Which, I think, would be okay by me. But should have some buy-in from the WG. |
|
Discussed on the WG call, direction on removing section 7.3.2 and consolidating its content in Nonce Endpoint definition. also in this PR, add a little more explanation that issuer can invalidate c_nonce any time. please open an issue on removing c_nonce_expires_in parameter (@tplooker). also agreed to open a separate issue on removing an option to return c_nonce from the credential error response, so that we can merge this PR as-is (@bc-pi). |
interesting is the idea to use the AT released by the token endpoint, and for the purpose of the credential issuance, to the oauth nonce endpoint as a protected endpoint. generally I assume that any endpoint might be protected with a token |
|
|
||
| The Credential Issuer provides a nonce value in the HTTP response with a 2xx status code and the following parameters included as top-level members in the message body of the HTTP response using the application/json media type: | ||
|
|
||
| * `c_nonce`: REQUIRED. String containing a nonce to be used when creating a proof of possession of the key proof (see (#credential-request)). |
There was a problem hiding this comment.
Okay, since this Nonce Endpoint is specifically tailored for credential issuance within the sole scope of the OpenID4VCI specs, it would make sense to rename the endpoint metadata parameter from nonce_endpoint to credential_nonce_endpoint.
In this way, other nonce endpoints created for other OpenID/IETF specs will not collide with this one.
The related section should therefore be renamed to "Credential Nonce Endpoint," adding "Credential" as a prefix to contextualize its scope.
I was wondering about this as well. One reason why I think it would make sense to keep the option to return |
I've created #393 to discuss/track "why keep an option to return c_nonce in credential response?" |
Co-authored-by: Paul Bastian <[email protected]>
|
Just to be sure, this PR creates two possible ways for the Issuer to provide the c_nonce, as both are described with MAY, this means the Wallet must implement both. Is this analysis correct? |
I don't think so, no. |
What do you think then? |
@jogu's analysis from over in one of the 87 other communication channels seemed, as I said there, constructive:
But also I think that this PR is a huge step in the right direction that is long overdue. And further improvements should be considered seriously per #393 soon after this is merged. Which is hopefully soon. |
|
Re-reading section 7.3.2 I think we should delete the following paragraph:
I think leaving this paragraph in would lead to confusion, especially given that weird MUST that now contradicts the Nonce endpoint |
|
FWIW, I think that the removal of I was hoping, though, to have a single way (for the caller/wallet) to obtain such a For instance, in draft 13, it was clear - although not explicitly stated - that the main way to obtain With this PR, unless I am missing something, a wallet should be prepared to handle
|
That that weird MUST needs to change but I'm reluctant to delete the whole paragraph. |
|
As I would read this PR, it recommends the wallet to use the nonce endpoint if it's present and the parameter in credential response is kind of an alternative/fallback. Therefore this paragraph does not fit any longer. |
|
aadb2bb is what I was able to summon the appetite for |
Co-authored-by: Giuseppe De Marco <[email protected]>
| Below is a non-normative example of a Nonce Request: | ||
|
|
||
| ``` | ||
| GET /nonce HTTP/1.1 |
There was a problem hiding this comment.
Wouldn't a POST request be more appropriate? I mean the endpoint is supposed to provide a new/different value with every response and the result should not be cached (in my opinion).
There was a problem hiding this comment.
+1, I tried to push in this direction as well: #381 (comment)
There was a problem hiding this comment.
I didn't realize this was GET. my suggestion has been POST. In german wallet project we have been prototyping with POST and it works well https://bmi.usercontent.opencode.de/eudi-wallet/eidas-2.0-architekturkonzept/flows/PID-IssuerSigned-cloud/#issuer-session-endpoint-at-the-pid-provider
There was a problem hiding this comment.
Other than describing the media type of content that doesn't exist as JSON, which is semantically invalid and maybe syntactically wrong too, what value does the German wallet project get from using POST?
=== Screenshot of the previously cited german wallet project ===
There was a problem hiding this comment.
Wouldn't a POST request be more appropriate?
No.
I mean the endpoint is supposed to provide a new/different value with every response and the result should not be cached (in my opinion).
That's why it was made not cacheable in the example https://github.com/openid/OpenID4VCI/pull/381/files#diff-1f424614b35a9899813079f1b1f6218631a2aedd993368ccb89bb81a9eda0289R741 and text https://github.com/openid/OpenID4VCI/pull/381/files#diff-1f424614b35a9899813079f1b1f6218631a2aedd993368ccb89bb81a9eda0289R734 using the Cache-Control construct that HTTP gives for control of caching.
There was a problem hiding this comment.
+1, I tried to push in this direction as well: #381 (comment)
My naive feeling that using a GET to get some data is the most straightforward way to get some data remained unchanged by that discussion over the course of the last two weeks.
There was a problem hiding this comment.
My 2 cents for what they are worth,
If we asked the question "is this call safe (i.e. is it read-only)" I think the answer would be "maybe". Safe calls shouldn't alter the state of the server in any way but without knowing how the server implements the nonce endpoint we would not know the answer to the question.
If we asked the question "is this call idempotent" I think we would also get a "maybe". Client could do this call just to "fetch a value" which might not assume any intention of a side-effect, and from the perspective of the server it would depend on the implementation.
I do see the point in making it a GET because it is technically just fetching a random value, so semantically if fits, but there might be an embedded assumption here that this random value is a prerequisite for some other steps, and that getting a nonce can be viewed as setting up a state that needs to be validated by the server.
One could argue that it might be safer to make this a POST because this would communicate that the call might not be safe or idempotent and that subsequent calls could cause load, burden, and side-effects for the server.
But this is just philosophizing, I personally do not have a clear preference, I see arguments for both GET and POST.
| @@ -1044,7 +1081,7 @@ Cache-Control: no-store | |||
|
|
|||
| The Credential Issuer MAY provide the Client with a `c_nonce` as defined in (#credential-response) in a Credential Error Response using `invalid_proof` error code defined in (#credential-error-response) if the Credential Issuer Metadata contains `proof_types_supported` indicating a key proof is required for the requested Credential. Depending on the Credential Issuer policy, this occurs if they receive a Credential Request without a `c_nonce` or with an invalid `c_nonce` value included in the proof(s) in the `proof` or `proofs` parameter. | |||
|
|
|||
| If the Client has not received a `c_nonce` and the Credential Issuer Metadata contains `proof_types_supported` indicating a key proof is required for the requested Credential, the Client MUST send a Credential Request that contains a `proof` or `proofs` parameter that is fully valid but does not include a `c_nonce` value. It is the Credential Issuer policy whether or not a `c_nonce` value is required in the key proofs. | |||
| If the Client has not received a `c_nonce` and the Credential Issuer Metadata contains `proof_types_supported` indicating a key proof is required for the requested Credential, the Client can send a Credential Request that contains a `proof` or `proofs` parameter that is fully valid but does not include a `c_nonce` value. It is the Credential Issuer policy whether or not a `c_nonce` value is required in the key proofs. | |||
There was a problem hiding this comment.
When is this paragraph apply? I'm asking since the client can always obtain a c_nonce from the nonce endpoint.
There was a problem hiding this comment.
+1, I was trying to push in this direction as well: #381 (comment)
There was a problem hiding this comment.
As I've tried to convey in comments on this PR and in calls over the course of the last month, I attempted to keep the scope of this change narrow so as to hopefully make it acceptable to the wide range of opinions and oftentimes irregular participation of the WG members. I have clearly failed in my efforts. I believe the text in question here was written recently by @awoie and because it is still true that "Credential Issuer policy whether or not a c_nonce value is required in the key proofs" and a "Client can send a Credential Request that contains a proof or proofs parameter that is fully valid but does not include a c_nonce value" it seemed like it applied enough to not delete it.
remove
c_nonceandc_nonce_expires_infrom the token endpoint response to fix #39again